Microsoft Graph API OrganizationFromTenantGuidNotFound using MSAL

6
votes

In AAD App registration has Implicit Grant Flow to true; We have delegated permissions to User.Read and User.Read.All.

private static getContext(): Msal.UserAgentApplication {
    if (AuthenticationService.Context) return AuthenticationService.Context;
    const logger = new Msal.Logger((_logLevel, message, _piiEnabled) => {
        console.log(message);
    }, { level: Msal.LogLevel.Verbose, correlationId: "12345" });

    AuthenticationService.Context = new Msal.UserAgentApplication(
        Environment().authentication.clientId,
        AuthenticationService.getAuthority(),
        (errorDesc, token, error, _tokenType) => {
            if (token) {
                AuthenticationService.isAuthenticated = true;
                AuthenticationService.accessToken = token;
            } else {
                const localizedError: string = LocalizationService.localize(error);
                alert(localizedError !== error ? localizedError : errorDesc);
            }
        },
        {
            logger: logger,
            storeAuthStateInCookie: true,
            state: "12345",
            cacheLocation: "localStorage" // enable this for IE, as sessionStorage does not work for localhost.
        });
    if (AuthenticationService.Context.getUser()) {
        AuthenticationService.isAuthenticated = true;
    }

    return AuthenticationService.Context;
}

We have login method:

public static login(): void {
    const context: Msal.UserAgentApplication = AuthenticationService.getContext();
    if (context.loginInProgress()) return;
    AuthenticationService.CurrentUser = null;
    context.loginRedirect(AuthenticationService.SCOPES);
}

And we have method to get token for graph:

public static async getGraphToken(): Promise<string | null> {
    const authContext: Msal.UserAgentApplication = AuthenticationService.getContext();
    const cachedUser: Msal.User = authContext.getUser();
    if (!cachedUser) {
        return null;
    }
    return authContext.acquireTokenSilent(AuthenticationService.SCOPES);
}

When I use graph token to get user photo I have:

{
    "error": {
        "code": "OrganizationFromTenantGuidNotFound",
        "message": "The tenant for tenant guid '68cc0dcb-5873-4ea0-a498-fe57e9b51827' does not exist.",
        "innerError": {
            "request-id": "b402e405-342a-4002-a880-84f30413cbf7",
            "date": "2018-11-30T23:39:23"
         }
     }
}
2
microsoft-graph-apisingle-page-applicationmsal
I am getting this same error, except when trying to update UserSettings on a User - Lenny D
Actually it might be the scopes thats giving error. graph.microsoft.com/v1.0/…. If you have this and get the error than your select scope is not there. if i do graph.microsoft.com/v1.0/me?$select=displayName,mail than it works magic. Hope it helps. - Mansh05

2 Answers

2
votes

I had the same issue and after 4 hours of trial and error I solved the problem.

My scenario was a bit different but maybe it will apply to your case.

I was trying to read user emails (/users/userId/messages) which failed with the same error. Trying to get info on a user did work but trying to get messages failed, which led me to realize that even though the users did exist on my AD, the actual AD of the exchange account was different... Once I moved my app registration to the correct AD everything worked perfectly...

Hope that helps...

-1
votes

I had the same error when used tenantId from Azure AD.

I fixed it after changing tenantId on "consumers" ("common", "organizations")