1
votes

I am trying to call the Microsoft Graph API. I have done the instructions from the Microsoft documents as below:

1- app registration in Azure portal. Supported account types: all Microsoft account users

2- calling 'https://login.microsoftonline.com/',tenant_id,'/oauth2/v2.0/authorize' with these parameters:

    client_id <-  # Application Id - on the azure app overview page
    client_secret <-  # the secret key for my app from azure portal
    scope <- 'https://graph.microsoft.com/.default'
    grant_type <- 'password'
    username <- '[email protected]'
    password <-  # the user password
    tenant_id <-  # tenant id for my app from azure portal

but it has this error:

AADSTS50034: The user account {EmailHidden} does not exist in the <tenant_ID> directory. To sign into this application, the account must be added to the directory.

I have registered my app with the same account that I passed through the API.

I want to call my todo list from the Graph.

Based on @MdFaridUddinKiron's response I added some more explanation:

I think something in my domain in Azure is wrong. These are some screenshots of it:

1- It shows "common" for endpoints. What should I use, "common" or my tenant? [screenshot: endpoints for registered app]

2- My app authentication tab has some differences, is it important? [screenshot: app authentication tab]

3- My domain overview page looks like this: [screenshot: Domain overview]

4- The user is added in my Active Directory: [screenshot: user in active directory]

5- User application page: [screenshot: user application page]

6- User assigned role: [screenshot: user assigned role]

I tested the Microsoft Graph API successfully with the same user in the Graph Explorer. I am getting confused about how the authentication flow must be. I just want to call my own todo tasks.

1
Personal [email protected] is not supported for grant_type:password; user name must be tenant specific. - Md Farid Uddin Kiron

How to set the parameters? Can you explain more? - pooneh_ce

I have shown you the details, please have a try and let me know your update. - Md Farid Uddin Kiron

Hello, is there anything that I can help with? - Md Farid Uddin Kiron

Dear @MdFaridUddinKiron, I added more information about my problem. Could you please help me more? - pooneh_ce

1 Answer

0
votes

As per your comment, please follow the detailed steps:

Make sure the email you are trying to get a token with exists in the Azure AD user list, which is shown below in detail.

https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/v2.0/token

    client_id:b603c7be_Client_id_e61f925
    scope:https://graph.microsoft.com/.default
    client_secret:NpmwO/KDJ_client_secret:NpmwO_W0kWf1SbnL
    username:tenentUser.onmicrosoft.com
    password:YourUserPassword
    grant_type:password

See the screen shot:

enter image description here

I am getting token as expected

Step: 1

enter image description here

Step: 2

enter image description here

Step: 3

enter image description here

Step: 4

Filter your user from your azure active directory user list as shown below.

enter image description here

Note:

  1. Requested token user must be a tenant user, for example [email protected]
  2. The user password that you are using for the token request must be correct.
  3. Make sure your user belongs to the Azure portal on your tenant
  4. Your Client Id belongs to that tenant
  5. Application secret is valid or not expired.

Update:

What should I use? "common" or my tenant?

It depends. If you have many tenants, in that case you can use common. For example, users need not remember a specific tenant; they would automatically be redirected to the specific tenant as per the credentials they have given.

For more information you could refer to the official document.

Feel free to share if you are still having problems.
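As an added example (not part of the original answer and not Microsoft's code), this Python block checks the points raised in the question, comments and answer before building the `grant_type=password` request, and extracts the AADSTS code from an error body. The tenant name, user, consumer-domain list and sample error body are constructed assumptions; nothing is sent over the network.

```python
import json
import re
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
# Assumption: a short, non-exhaustive list of personal-account mail domains.
PERSONAL_DOMAINS = {"outlook.com", "hotmail.com", "live.com", "msn.com", "gmail.com"}
# Constructed error body; the description text is the error quoted in the question.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50034: The user account {EmailHidden} does not "
                         "exist in the <tenant_ID> directory."})


def preflight(tenant, endpoint, username):
    """Return the problems that would make a password-grant request fail."""
    problems = []
    if not endpoint.rstrip("/").endswith("/token"):
        problems.append("grant_type=password is POSTed to /oauth2/v2.0/token, not /authorize")
    # Microsoft's ROPC documentation requires a tenant-specific or
    # 'organizations' authority for this grant, and discourages the flow
    # because the application handles the user's password directly.
    if tenant.lower() in {"common", "consumers"}:
        problems.append("use a tenant-specific authority for the password grant")
    domain = username.rpartition("@")[2].lower()
    if "@" not in username or domain in PERSONAL_DOMAINS:
        problems.append("username must be a user of the tenant, not a personal account")
    return problems


def build_token_request(tenant, client_id, client_secret, username, password):
    """Build (url, form_body) for the password grant after the preflight checks."""
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/token"
    problems = preflight(tenant, url, username)
    if problems:
        raise ValueError("; ".join(problems))
    body = urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default", "grant_type": "password",
        "username": username, "password": password})
    return url, body


def aadsts_code(response_text):
    """Extract the numeric AADSTS code from a token endpoint error body, or None."""
    try:
        description = str(json.loads(response_text).get("error_description", ""))
    except (ValueError, AttributeError):
        description = response_text
    match = re.search(r"AADSTS(\d+)", description)
    return int(match.group(1)) if match else None
```
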