0
votes

I have a Graph API app and want it to be accessible to every user for authorizing.

The app is made to be a multi-tenant application that should be available to everyone (see screenshot).

When a user who is not added to the Azure Active Directory tries to grant permissions to the app, they get this error saying "the user is not added to the azure active directory, and the user needs to be added as a tenant to the app".

I am using this link for OAuth access: https://login.microsoftonline.com/DIRECTORY_ID/oauth2/v2.0/authorize?client_id=CLIENT_ID2&response_type=code&redirect_uri=http://localhost:3000/auth/callback&response_mode=query&scope=offline_access Channel.Create Channel.ReadBasic.All ChannelMessage.Send Team.ReadBasic.All Group.ReadWrite.All&state=12345

error message from graph app

Hi @Pallavi, please mention the question here with clear details. - Hari Krishna
Hello @HariKrishna--MSFTIdentity I have edited the description with more details. - Pallavi Gupta
Hi @Pallavi, I have corrected the URL from application id to directory id in your question. I will update the answer for your scenario soon. - Hari Krishna
Please check the answer. - Hari Krishna

1 Answer

0
votes

You are using a tenant-specific endpoint, which will not support personal accounts. You need to use the common endpoint (login.microsoftonline.com/common/oauth2/v2.0/).

Based on the URL you have shared, you can use the example syntax below:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=CLIENT_ID2&response_type=code&redirect_uri=http://localhost:3000/auth/callback&response_mode=query&scope=offline_access

Also, please refer to a similar question here.
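The switch to the common endpoint described in the answer above, as an added Node.js example that is not part of the original question or answer: it builds the authorize URL with the question's scopes percent-encoded, and replaces the fixed `state=12345` with a random per-request value that the callback must echo back. The function names are hypothetical, and accepting only GUID tenant IDs besides the shared segments is an assumption of this example.

```javascript
// Added example, not code from the original post.
const crypto = require("node:crypto");

const AUTHORITY_HOST = "https://login.microsoftonline.com";
// Path segments that are not bound to a single directory.
const SHARED_TENANTS = new Set(["common", "organizations", "consumers"]);
// Assumption of this example: a specific tenant is given as a GUID only.
const GUID = /^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/i;

// Scopes copied from the URL in the question.
const SCOPES = ["offline_access", "Channel.Create", "Channel.ReadBasic.All",
  "ChannelMessage.Send", "Team.ReadBasic.All", "Group.ReadWrite.All"];

// Returns the URL to redirect the user to, plus the state value to keep
// in the user's server-side session until the callback arrives.
function buildAuthorizeUrl({ tenant = "common", clientId, redirectUri, scopes = SCOPES }) {
  if (!SHARED_TENANTS.has(tenant) && !GUID.test(tenant)) {
    throw new Error(`unexpected tenant segment: ${tenant}`);
  }
  // Unpredictable per-request value; a constant state gives no CSRF protection.
  const state = crypto.randomBytes(16).toString("hex");
  const url = new URL(`${AUTHORITY_HOST}/${tenant}/oauth2/v2.0/authorize`);
  // URLSearchParams encodes the space-separated scope list and the redirect URI.
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: "code",
    redirect_uri: redirectUri,
    response_mode: "query",
    scope: scopes.join(" "),
    state,
  }).toString();
  return { url: url.toString(), state };
}

// Callback-side check: the state returned in the query string must equal
// the one stored when the request was built. Comparison is constant-time.
function stateMatches(expected, received) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(received ?? ""));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

In the `/auth/callback` handler, reject the request when `stateMatches` returns false before exchanging the `code` for tokens.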