Reputation: 2896
"The tenant for tenant guid X does not exist", for self email account(I'm the only member)
I would like to read email for my personal account but I'm getting "The tenant for tenant guid X does not exist".
I created an app using single tenant on https://entra.microsoft.com/
Then I assing it the permissions to email
Then I created a client secret
Then I use this code for getting the token:
import(""github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential") cred, err := confidential.NewCredFromSecret("{secret value}") if err != nil { log.Println(err) return } confidentialClient, err := confidential.New("https://login.microsoftonline.com/{tenant id}", "{client id}", cred) if err != nil { log.Println(err) return } scopes := []string{"https://graph.microsoft.com/.default"} result, err := confidentialClient.AcquireTokenSilent(context.TODO(), scopes) if err != nil { result, err = confidentialClient.AcquireTokenByCredential(context.TODO(), scopes) if err != nil { log.Println(err) return } }I successfully get the token with that code
{ "Account": { "AdditionalFields": null }, "IDToken": { "RawToken": "", "AdditionalFields": null }, "AccessToken": "{token}", "ExpiresOn": "2023-12-13T14:57:09.4905758-05:00", "GrantedScopes": [ "https://graph.microsoft.com/.default" ], "DeclinedScopes": null }Then I get the user id(I'm the only user):
req, err := http.NewRequest("GET", "https://graph.microsoft.com/v1.0/users", nil) if err != nil { log.Println(err) return } req.Header.Add("Authorization", "{token}") client := http.Client{} resp, err := client.Do(req) if err != nil { log.Println(err) return } body, err := io.ReadAll(resp.Body) if err != nil { log.Println(err) return }however when I try to get the emails:
req, err := http.NewRequest("GET", "https://graph.microsoft.com/v1.0/users/{user_id}/messages", nil) if err != nil { log.Println(err) return } req.Header.Add("Authorization", "{token}") client := http.Client{} resp, err := client.Do(req) if err != nil { log.Println(err) return } body, err := io.ReadAll(resp.Body) if err != nil { log.Println(err) return }
I get:
{
"error": {
"code": "OrganizationFromTenantGuidNotFound",
"message": "The tenant for tenant guid '0a6ac917-332a-4f47-881e-0b35fb1b2ab5' does not exist.",
"innerError": {
"oAuthEventOperationId": "c096c5c9-e743-4daa-9a97-d14d915e9842",
"oAuthEventcV": "N0nHeUJm9gwnrFZefuEA4w.1.1",
"errorUrl": "https://aka.ms/autherrors#error-InvalidTenant",
"requestId": "c0272999-9743-44ee-98b5-947acc52e7d8",
"date": "2023-12-13T19:11:22"
}
}
}
Id 0a6ac917-332a-4f47-881e-0b35fb1b2ab5 on the error is the tenand id
Upvotes: 1
Views: 768
Answers (1)
Reputation: 22572
To read the mails of personal Outlook account, you need to switch to delegated flow like interactive flow or authorization code flow for generating access token and call
/me/messagesendpoint.
Register multi-tenant application with account type as "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)":
Make sure to enable public client option if you are using interactive flow for generating token:
Now, add Mail.Read or Mail.ReadWrite permission of Delegated type in your app registration based on your need:
To generate access token using interactive flow, you can refer this sample Go code and later use it for calling /me/messages endpoint:
package public_test
import (
"context"
"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
)
func Example() {
client, err := public.New("client_id", public.WithAuthority("https://login.microsoftonline.com/common"))
if err != nil {
}
var result public.AuthResult
scopes := []string{"https://graph.microsoft.com/.default"}
accounts, err := client.Accounts(context.TODO())
if err != nil {
// TODO: handle error
}
if len(accounts) > 0 {
result, err = client.AcquireTokenSilent(context.TODO(), scopes, public.WithSilentAccount(accounts[0]))
}
if err != nil || len(accounts) == 0 {
result, err = client.AcquireTokenInteractive(context.TODO(), scopes)
if err != nil {
}
}
_ = result.Account
_ = result.AccessToken
}
You can also sign into Graph Explorer with that account and run below query for getting emails:
GET https://graph.microsoft.com/v1.0/me/messages
Response:
Reference:
Upvotes: 1
Related Questions
- How to use user's access token or access token based on Tenant ID in Microsoft graph API?
- ResourceNotFound Microsoft Graph Api with correct token
- Microsoft graph - adding an event to default calendar gives back "Resource could not be discovered." error
- InvalidAuthenticationToken. Access token validation failure. Invalid audience
- How to get "msExchMailboxGuid" from O365 using Microsoft Graph
- graph api Access denied
- Unable to send Email using Graph API (C# Console) by creating GraphServiceClient through AccessToken as well as ClientCredentialProvider
- "The tenant for tenant guid does not exist" when using GraphAPI - Even with user type as Member
- Trying to get the value of "Total" from JSON response