Mircosoft Graphs API /common vs /{{tenant}}
I have created one App registration in my azure email named:[email protected] and I have configured redirect URI and client secrets in it and also given API permission to that app.
I have created one user in other tenant and tired to login in my app using his credential so first I have sign in with below url
https://login.microsoftonline.com/{{tenantId}}/oauth2/v2.0/authorize?client_id={{clientId}}&response_type=code&redirect_uri={{RedirectURI}}&response_mode=query&scope={{Group.Read.All User.Read User.Read.All}}&state=abc
After generate access token I got this list of permission:
Group.Read.All GroupMember.Read.All IdentityProvider.Read.All openid User.Read User.Read.All profile email
in API response
I was able use Microsoft Graph APIs /groups & /me but when trying to call /users endpoint getting below error
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2024-05-09T14:57:11",
"request-id": "eea77793-9d1f-4f36-80ec-4e1b479274c2",
"client-request-id": "eea77793-9d1f-4f36-80ec-4e1b479274c2"
}
}
}
Same thing it is working when I use /common endpoint. I was able to successfully call /me,/groups,/users endpoint
Thank you for any type of support. Just I need to understand difference between /common vs /{{tenantId}}
I suggest you to decode the access token (jwt.ms) and ensure proper permissions are granted in the target tenant for the requested operations (User.Read.All, etc.).
/commonEndpoint:- Used for multi-tenant applications where users from any tenant can authenticate.
- Access token obtained can have broader permissions across multiple tenants.
/{{tenantId}}Endpoint:- Targets authentication for a specific tenant only.
- Access token is scoped to operations within the specified tenant.
- PHP - How to get OAuth 2.0 Token
- UPS Outh Rating API return Invalid Authentication Information
- How to store sensitive data in React Native or expo code ? ( with Keychain and Keystore )
- How to get Optum sandbox to authenticate with OAuth 2.0 using Java and okhttp
- Spring Boot redirection back to login page
- New Google place api using google OAuth, ask failed to refresh token
- Getting OAuth code challenge on loopback server
- How do I solve audience (aud) invalid claim error for downstream api service?
- oauth 2 parameters can only have a single value: scope
- #oauth2 security expressions on method level
- Calling spring authorization server OAuth2 REST endpoints
- Google AdWords API authorization raising AdsCommon::Errors::AuthError
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Passport - Node.js not returning Refresh Token
- AWS Cognito: Missing Scopes in Access Token with Custom UI and Device Remember Functionality for MFA
- Cross-client Google OAuth: Get auth code on iOS and access token on server
- How to generate GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET without a domain?
- Spring Gateway and OAuth
- OAuth Client Credential Flow - Refresh Tokens
- Django OAuth2 Authentication Failing in Unit Tests - 401 'invalid_client' Error
- Add OAuth authentication for HTTP request triggers
- OAuth2 implementation and user management Django
- How to enable a submit button if form fields are auto-filled by the browser using saved credentials on page load?
- AADSTS70000 Error When Requesting for Access Token
- Is storing an OAuth token in cookies bad practice?
- Spring OAuth2 client performs Back-Channel Logout with an expired ID token
- I/O error on GET request for "https://localhost/application/o/{name}/.well-known/openid-configuration": Connection refused
- Restrict Microsoft Azure App OAuth2.0 to Internal Users
- How can I "Get Microsoft Teams Users" Using of Microsoft Graph API
- unsupported_grant_type error for authorization_code grant type: Spring Security OAuth2