Microsoft Graph API OrganizationFromTenantGuidNotFound using MSAL
In the AAD app registration, Implicit Grant Flow is set to true; we have delegated permissions for User.Read and User.Read.All.

private static getContext(): Msal.UserAgentApplication {
    if (AuthenticationService.Context) return AuthenticationService.Context;
    const logger = new Msal.Logger((_logLevel, message, _piiEnabled) => {
        console.log(message);
    }, { level: Msal.LogLevel.Verbose, correlationId: "12345" });

    AuthenticationService.Context = new Msal.UserAgentApplication(
        Environment().authentication.clientId,
        AuthenticationService.getAuthority(),
        (errorDesc, token, error, _tokenType) => {
            if (token) {
                AuthenticationService.isAuthenticated = true;
                AuthenticationService.accessToken = token;
            } else {
                const localizedError: string = LocalizationService.localize(error);
                alert(localizedError !== error ? localizedError : errorDesc);
            }
        },
        {
            logger: logger,
            storeAuthStateInCookie: true,
            state: "12345",
            cacheLocation: "localStorage" // enable this for IE, as sessionStorage does not work for localhost.
        });
    if (AuthenticationService.Context.getUser()) {
        AuthenticationService.isAuthenticated = true;
    }

    return AuthenticationService.Context;
}

We have login method:

public static login(): void {
    const context: Msal.UserAgentApplication = AuthenticationService.getContext();
    if (context.loginInProgress()) return;
    AuthenticationService.CurrentUser = null;
    context.loginRedirect(AuthenticationService.SCOPES);
}

And we have method to get token for graph:

public static async getGraphToken(): Promise<string | null> {
    const authContext: Msal.UserAgentApplication = AuthenticationService.getContext();
    const cachedUser: Msal.User = authContext.getUser();
    if (!cachedUser) {
        return null;
    }
    return authContext.acquireTokenSilent(AuthenticationService.SCOPES);
}

When I use graph token to get user photo I have:

{
    "error": {
        "code": "OrganizationFromTenantGuidNotFound",
        "message": "The tenant for tenant guid '68cc0dcb-5873-4ea0-a498-fe57e9b51827' does not exist.",
        "innerError": {
            "request-id": "b402e405-342a-4002-a880-84f30413cbf7",
            "date": "2018-11-30T23:39:23"
        }
    }
}
Imagery answered 30/11, 2018 at 23:55 Comment(2)
I am getting this same error, except when trying to update UserSettings on a User. Brest
Actually it might be the scopes that's giving the error. graph.microsoft.com/v1.0/…. If you have this and get the error, then your select scope is not there. If I do graph.microsoft.com/v1.0/me?$select=displayName,mail then it works like magic. Hope it helps. Reider

I had the same issue and after 4 hours of trial and error I solved the problem.

My scenario was a bit different but maybe it will apply to your case.

I was trying to read user emails (/users/userId/messages), which failed with the same error. Trying to get info on a user did work but trying to get messages failed, which led me to realize that even though the users did exist on my AD, the actual AD of the Exchange account was different... Once I moved my app registration to the correct AD everything worked perfectly...

Hope that helps...

Cheney answered 9/12, 2018 at 12:1 Comment(2)
How exactly did you "move your app registration to the correct AD"? Can you elaborate on that? Bracci
In aad.portal.azure.com/#blade/Microsoft_AAD_IAM/… there is the tenant id property which I used in the OAuth URL - login.microsoftonline.com/${tenantId} Cheney

I had the same error when I used the tenantId from Azure AD.

I fixed it after changing the tenantId to "consumers" ("common", "organizations").

Ravin answered 25/12, 2018 at 0:13 Comment(0)
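Both answers above come down to the same question: which tenant actually issued the Graph token, and was it the tenant the app registration lives in? The following is an added diagnostic, not code from the question or either answer. It reads the tid, aud and scp claims of an access token (without verifying the signature) and compares them with the tenant GUID from the error message and the delegated scopes the question lists. It assumes a Node runtime (Buffer); the function names and the sample token are constructed for this example.

```typescript
// Added diagnostic, not code from the question or its answers. It decodes the
// payload of a Graph access token WITHOUT checking the signature, only to see
// which tenant issued it (tid), whether it was issued for Graph (aud) and which
// delegated scopes it carries (scp). Graph tokens are opaque to clients by
// design, so use this for troubleshooting only, never for authorization decisions.
// Assumes Node (Buffer); in the browser, base64url-decode with atob instead.

interface TokenDiagnosis {
  tenantMatches: boolean;   // tid equals the tenant the app registration lives in
  audienceIsGraph: boolean; // token was minted for Microsoft Graph
  missingScopes: string[];  // required delegated scopes absent from scp
  tid: string;
}

// Both spellings of the Graph audience occur in real tokens.
const GRAPH_AUDIENCES = ["https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"];

function diagnoseGraphToken(token: string, expectedTenantId: string, requiredScopes: string[]): TokenDiagnosis {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (header.payload.signature)");
  // Node's base64 decoder accepts the base64url alphabet and missing padding.
  const claims = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  const tid = String(claims.tid ?? "");
  const granted = new Set(String(claims.scp ?? "").split(" ").filter(Boolean));
  return {
    tenantMatches: tid.toLowerCase() === expectedTenantId.toLowerCase(),
    audienceIsGraph: GRAPH_AUDIENCES.includes(String(claims.aud ?? "")),
    missingScopes: requiredScopes.filter((s) => !granted.has(s)),
    tid,
  };
}

// Constructed, unsigned sample token (alg "none", empty signature) whose tid is
// the GUID from the error in the question; a real token would be signed by AAD.
function sampleToken(): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const payload = {
    aud: "https://graph.microsoft.com",
    tid: "68cc0dcb-5873-4ea0-a498-fe57e9b51827",
    scp: "User.Read",
  };
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.`;
}

// Example run: the token's tenant matches, but User.Read.All was never granted.
const report = diagnoseGraphToken(sampleToken(), "68cc0dcb-5873-4ea0-a498-fe57e9b51827", ["User.Read", "User.Read.All"]);
console.log(report); // tenantMatches: true, audienceIsGraph: true, missingScopes: ["User.Read.All"]
```

If tenantMatches is false the token was issued by a tenant other than the one holding the app registration (Cheney's case); if the authority was "common"/"consumers" the tid is whatever tenant the user signed in from (Ravin's case).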
