Microsoft Graph API OrganizationFromTenantGuidNotFound 使用 MSAL [英] Microsoft Graph API OrganizationFromTenantGuidNotFound using MSAL

问题描述

在 AAD 应用注册中，隐式授予流程为 true；我们已将权限委派给 User.Read 和 User.Read.All.

In AAD App registration has Implicit Grant Flow to true; We have delegated permissions to User.Read and User.Read.All.

private static getContext(): Msal.UserAgentApplication {
    if (AuthenticationService.Context) return AuthenticationService.Context;
    const logger = new Msal.Logger((_logLevel, message, _piiEnabled) => {
        console.log(message);
    }, { level: Msal.LogLevel.Verbose, correlationId: "12345" });

    AuthenticationService.Context = new Msal.UserAgentApplication(
        Environment().authentication.clientId,
        AuthenticationService.getAuthority(),
        (errorDesc, token, error, _tokenType) => {
            if (token) {
                AuthenticationService.isAuthenticated = true;
                AuthenticationService.accessToken = token;
            } else {
                const localizedError: string = LocalizationService.localize(error);
                alert(localizedError !== error ? localizedError : errorDesc);
            }
        },
        {
            logger: logger,
            storeAuthStateInCookie: true,
            state: "12345",
            cacheLocation: "localStorage" // enable this for IE, as sessionStorage does not work for localhost.
        });
    if (AuthenticationService.Context.getUser()) {
        AuthenticationService.isAuthenticated = true;
    }

    return AuthenticationService.Context;
}

我们有登录方法:

public static login(): void {
    const context: Msal.UserAgentApplication = AuthenticationService.getContext();
    if (context.loginInProgress()) return;
    AuthenticationService.CurrentUser = null;
    context.loginRedirect(AuthenticationService.SCOPES);
}

而且我们有获取图形令牌的方法:

And we have method to get token for graph:

public static async getGraphToken(): Promise<string | null> {
    const authContext: Msal.UserAgentApplication = AuthenticationService.getContext();
    const cachedUser: Msal.User = authContext.getUser();
    if (!cachedUser) {
        return null;
    }
    return authContext.acquireTokenSilent(AuthenticationService.SCOPES);
}

当我使用图形令牌获取用户照片时:

When I use graph token to get user photo I have:

{
    "error": {
        "code": "OrganizationFromTenantGuidNotFound",
        "message": "The tenant for tenant guid '68cc0dcb-5873-4ea0-a498-fe57e9b51827' does not exist.",
        "innerError": {
            "request-id": "b402e405-342a-4002-a880-84f30413cbf7",
            "date": "2018-11-30T23:39:23"
         }
     }
}

推荐答案

我遇到了同样的问题，经过 4 个小时的反复试验，我解决了这个问题.

I had the same issue and after 4 hours of trial and error I solved the problem.

我的情况有点不同，但也许它适用于您的情况.

My scenario was a bit different but maybe it will apply to your case.

我试图读取用户电子邮件 (/users/userId/messages)，但由于相同的错误而失败.尝试获取用户信息确实有效但尝试获取消息失败，这让我意识到即使用户确实存在于我的 AD 上，交换帐户的实际 AD 是不同的......一旦我移动了我的应用程序注册到正确的 AD 一切正常...

I was trying to read user emails (/users/userId/messages) which failed with the same error. Trying to get info on a user did work but trying to get messages failed, which led me to realize that even though the users did exist on my AD, the actual AD of the exchange account was different... Once I moved my app registration to the correct AD everything worked perfectly...

希望有帮助...

这篇关于Microsoft Graph API OrganizationFromTenantGuidNotFound 使用 MSAL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！