使用 MSAL 的 Microsoft Graph API OrganizationFromTenantGuidNotFound [英] Microsoft Graph API OrganizationFromTenantGuidNotFound using MSAL

问题描述

In AAD App registration has Implicit Grant Flow to true; We have delegated permissions to User.Read and User.Read.All.

private static getContext(): Msal.UserAgentApplication {
    if (AuthenticationService.Context) return AuthenticationService.Context;
    const logger = new Msal.Logger((_logLevel, message, _piiEnabled) => {
        console.log(message);
    }, { level: Msal.LogLevel.Verbose, correlationId: "12345" });

    AuthenticationService.Context = new Msal.UserAgentApplication(
        Environment().authentication.clientId,
        AuthenticationService.getAuthority(),
        (errorDesc, token, error, _tokenType) => {
            if (token) {
                AuthenticationService.isAuthenticated = true;
                AuthenticationService.accessToken = token;
            } else {
                const localizedError: string = LocalizationService.localize(error);
                alert(localizedError !== error ? localizedError : errorDesc);
            }
        },
        {
            logger: logger,
            storeAuthStateInCookie: true,
            state: "12345",
            cacheLocation: "localStorage" // enable this for IE, as sessionStorage does not work for localhost.
        });
    if (AuthenticationService.Context.getUser()) {
        AuthenticationService.isAuthenticated = true;
    }

    return AuthenticationService.Context;
}

We have login method:

public static login(): void {
    const context: Msal.UserAgentApplication = AuthenticationService.getContext();
    if (context.loginInProgress()) return;
    AuthenticationService.CurrentUser = null;
    context.loginRedirect(AuthenticationService.SCOPES);
}

And we have method to get token for graph:

public static async getGraphToken(): Promise<string | null> {
    const authContext: Msal.UserAgentApplication = AuthenticationService.getContext();
    const cachedUser: Msal.User = authContext.getUser();
    if (!cachedUser) {
        return null;
    }
    return authContext.acquireTokenSilent(AuthenticationService.SCOPES);
}

When I use graph token to get user photo I have:

{
    "error": {
        "code": "OrganizationFromTenantGuidNotFound",
        "message": "The tenant for tenant guid '68cc0dcb-5873-4ea0-a498-fe57e9b51827' does not exist.",
        "innerError": {
            "request-id": "b402e405-342a-4002-a880-84f30413cbf7",
            "date": "2018-11-30T23:39:23"
         }
     }
}

解决方案

I had the same issue and after 4 hours of trial and error I solved the problem.

My scenario was a bit different but maybe it will apply to your case.

I was trying to read user emails (/users/userId/messages) which failed with the same error. Trying to get info on a user did work but trying to get messages failed, which led me to realize that even though the users did exist on my AD, the actual AD of the exchange account was different... Once I moved my app registration to the correct AD everything worked perfectly...

Hope that helps...

这篇关于使用 MSAL 的 Microsoft Graph API OrganizationFromTenantGuidNotFound的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！