
Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)


I'm trying to get the events from outlook calendar but I get an error doing so. I have an app registered on Azure Portal (free plan), which I'm using to read the events with Nodejs. These are the permissions I've set in order to be able to query the Microsoft Graph API:
(image: API permissions)

Using https://login.microsoftonline.com/{tenantId}/oauth2/authorize?client_id={clientId}&response_type=code&redirect_uri=http://localhost:3000&scope=https://graph.microsoft.com/.default openid profile offline_access&state=12345 I've been able to get a {code} which I'm using to redeem an access token using https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token with these body parameters:

{
    "grant_type": "authorization_code",
    "code": "{code}",
    "redirect_uri": "http://localhost:3000",
    "client_id": "{clientId}",
    "client_secret": "{clientSecret}",
    "scope": "https://graph.microsoft.com/.default openid profile offline_access"
}

I believe that the scope of this token is also suitable for what I need:
(image: decoded token)

When I try to make a request to https://graph.microsoft.com/v1.0/{tenantId}/users or even https://graph.microsoft.com/v1.0/997f56e7-06b6-44ad-be6a-3cc7377ae54a/users/{userId}, I get the users data without problems. The response looks like this:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
    "businessPhones": [],
    "displayName": "My Display Name",
    "givenName": "My Name",
    "jobTitle": null,
    "mail": null,
    "mobilePhone": null,
    "officeLocation": null,
    "preferredLanguage": "en",
    "surname": "My Surname",
    "userPrincipalName": "[email protected]",
    "id": "aaaaaaaa-bbbb-cccc-..."
}

But when I make a request to https://graph.microsoft.com/v1.0/{tenantId}/users/{userId}/calendars I get the following error:

{"error":{"code":"OrganizationFromTenantGuidNotFound","message":"The tenant for tenant guid '[tenantGuid]' does not exist.","innerError":{"oAuthEventOperationId":"bf9e026f-6160-4975-8952-1796d0903882","oAuthEventcV":"tiG/jGvOvqjHEw5i0jde2Q.1","errorUrl":"https://aka.ms/autherrors#error-InvalidTenant%22,%22requestId%22:%22b274ff09-22e7-48ff-abfa-1703c90ad358%22,%22date%22:%222023-03-28T07:42:17"}}}

I followed this documentation.

Also, I did an extensive search about this error and I found that I needed a Microsoft 365 subscription, so I bought one. I currently have the Microsoft 365 personal plan.

And I added the Office 365 Management APIs permissions on Azure Portal.

I still have the same issue, do I need to set up the tenant again? Do I need to change something in the configuration or am I missing something? Maybe I don't have the right subscription, do I need a Microsoft 365 Business subscription? How can I solve it?

What's interesting is that when I try to make the exact same requests using the Microsoft Graph Explorer it works as expected. And if I use the token given there in Access token tab in my backend it works as well, so I believe the problem is with the token I'm getting.


Solution

  • I created an Azure AD Application and granted API permissions like below:

    (image: API permissions granted to the app)

    I generated auth code by using below endpoint:

    https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
    &client_id=ClientID
    &response_type=code
    &redirect_uri=https://jwt.ms
    &response_mode=query
    &scope=https://graph.microsoft.com/.default
    &state=12345
    

    (image: authorize request returning the code)

    I generated access token by using below parameters:

    https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    
    client_id:ClientID
    grant_type:authorization_code
    scope:https://graph.microsoft.com/.default
    code:code
    redirect_uri:https://jwt.ms
    client_secret:ClientSecret
    

    (image: token request)

    When I decoded the token, scopes are present:

    (image: decoded token showing scopes)

    Using the above generated access token, I am able to fetch the calendar details successfully like below:

    https://graph.microsoft.com/v1.0/{tenantId}/users/{userId}/calendars
    

    (image: calendars response)

    The error usually occurs if the license is missing in your tenant to perform the action.

    To resolve the error, subscribe to an O365 license and assign it to the users like below:

    (image: assigning the O365 license to a user)

    If the issue still persists, check the below:

    • Check whether you are passing correct TenantID.
    • Make use of the organizations/common endpoint if you are calling users of other tenants.
    • Otherwise, try configuring another tenant and check.
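The following Node.js script is an added example; it is not code from the question or from the answer above. It wires together the flow both posts describe: building the v2.0 authorize URL and the token-redemption body (the answer keeps both steps on the v2.0 endpoints, and so does this example), decoding the access token to check the claims the questioner was eyeballing in the screenshot (audience, tid, scopes) before calling Graph, and turning the OrganizationFromTenantGuidNotFound error body into the checklist the answer gives. Assumptions: Node.js 18 or newer (global fetch, Buffer, URLSearchParams), the delegated Graph scope name Calendars.Read, and placeholder tenant, client and user IDs; the only live network call is guarded behind environment variables.

```javascript
// Added example (not the question's or the answer's code). Assumes Node.js 18+.
// Demonstrates: authorize URL + token body for the v2.0 endpoints, a pre-flight
// inspection of the token's claims, and mapping the Graph error to a hint.

const LOGIN_BASE = 'https://login.microsoftonline.com';
const GRAPH_BASE = 'https://graph.microsoft.com/v1.0';
// Microsoft Graph is identified in the aud claim either by its URL or by its
// well-known application ID.
const GRAPH_AUDIENCES = ['https://graph.microsoft.com', '00000003-0000-0000-c000-000000000000'];

// Step 1: the v2.0 authorize URL the user is sent to (same shape as the answer).
function buildAuthorizeUrl({ tenantId, clientId, redirectUri, scope, state }) {
  const params = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    redirect_uri: redirectUri,
    response_mode: 'query',
    scope,
    state,
  });
  return `${LOGIN_BASE}/${tenantId}/oauth2/v2.0/authorize?${params}`;
}

// Step 2: form body for redeeming the code at /oauth2/v2.0/token.
function buildTokenBody({ clientId, clientSecret, code, redirectUri, scope }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    client_secret: clientSecret,
    code,
    redirect_uri: redirectUri,
    scope,
  });
}

// Decode a JWT payload WITHOUT verifying the signature. This is only for
// inspecting a token you already hold (as the questioner did by decoding it);
// Graph validates the signature server-side, so never use this to trust a token.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Pre-flight checks for the mismatches worth ruling out before blaming the
// licence: audience must be Graph, tid must equal the tenant used in the Graph
// URL, the token must not be expired, and the delegated scope (scp) must be
// present. App-only tokens carry permissions in "roles" instead of "scp".
function checkGraphToken(token, { expectedTenantId, requiredScope }) {
  const claims = decodeJwtPayload(token);
  const problems = [];
  if (!GRAPH_AUDIENCES.includes(claims.aud)) {
    problems.push(`audience is ${claims.aud}, not Microsoft Graph`);
  }
  if (claims.tid !== expectedTenantId) {
    problems.push(`token tid ${claims.tid} does not match request tenant ${expectedTenantId}`);
  }
  if (typeof claims.exp === 'number' && claims.exp * 1000 < Date.now()) {
    problems.push('token is expired');
  }
  const scopes = (claims.scp || '').split(' ').filter(Boolean);
  if (!scopes.includes(requiredScope)) {
    problems.push(`missing delegated scope ${requiredScope}`);
  }
  return { ok: problems.length === 0, problems, scopes, tid: claims.tid };
}

// Map a Graph error body to the checklist from the answer.
function explainGraphError(body) {
  const code = body && body.error && body.error.code;
  switch (code) {
    case 'OrganizationFromTenantGuidNotFound':
      return 'Tenant not found for the calendar request: confirm the tenant ID in the URL '
        + 'matches the token tid, and that the user has a Microsoft 365 (O365) licence '
        + 'assigned in that tenant; use organizations/common when calling users of another tenant.';
    case 'InvalidAuthenticationToken':
      return 'Token rejected: check the aud claim is Microsoft Graph and the token is not expired.';
    default:
      return `Unhandled Graph error: ${code || 'unknown'}`;
  }
}

// Step 3: the calendars call from the question, with the error translated.
async function getCalendars(accessToken, tenantId, userId) {
  const url = `${GRAPH_BASE}/${tenantId}/users/${encodeURIComponent(userId)}/calendars`;
  const res = await fetch(url, { headers: { Authorization: `Bearer ${accessToken}` } });
  const body = await res.json();
  if (!res.ok) throw new Error(`${res.status}: ${explainGraphError(body)}`);
  return body.value;
}

// Builds a constructed, unsigned JWT so the checks can be exercised offline.
function makeUnsignedJwt(payload) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${b64({ alg: 'none', typ: 'JWT' })}.${b64(payload)}.`;
}

// Live run, skipped unless real values are supplied:
//   GRAPH_ACCESS_TOKEN=... GRAPH_TENANT_ID=... GRAPH_USER_ID=... node graph-calendars.js
if (process.env.GRAPH_ACCESS_TOKEN && process.env.GRAPH_TENANT_ID && process.env.GRAPH_USER_ID) {
  const check = checkGraphToken(process.env.GRAPH_ACCESS_TOKEN,
    { expectedTenantId: process.env.GRAPH_TENANT_ID, requiredScope: 'Calendars.Read' });
  if (!check.ok) console.error('token problems:', check.problems);
  getCalendars(process.env.GRAPH_ACCESS_TOKEN, process.env.GRAPH_TENANT_ID, process.env.GRAPH_USER_ID)
    .then((calendars) => console.log(calendars.map((c) => c.name)))
    .catch((err) => console.error(err.message));
}
```

Running checkGraphToken on the token the backend actually sends, with expectedTenantId set to the same GUID used in the Graph URL, separates a token or tenant mismatch from the licence problem the answer describes: if the token passes the check and the calendars call still returns OrganizationFromTenantGuidNotFound, the remaining item on the list is the licence assignment.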