
I'm using this GET request to check whether the user exists in my B2C tenant or not:

```dart
var url="https://graph.microsoft.com/v1.0/users?\$filter=signInNames/any(x:x/value eq 'test@auxi.com')&api-version=1.6";
final response = await client.get(url,headers:{ 'Authorization': 'Bearer $token'});
```

The token is the B2C token retrieved from the SignIn flow and I granted the "Directory.ReadWrite.All" permission for Microsoft Graph API in my app.

Based on this answer: https://stackoverflow.com/a/52289249/9576638

However, I'm getting this response when I'm executing the query:

```json
"error": {
  "code": "InvalidAuthenticationToken",
  "message": "Access token validation failure.",
  "innerError": {
    "date": "2020-11-29T18:47:03",
    "request-id": "86cb2fe9-37b4-4060-8953-90748d6475aa",
    "client-request-id": "86cb2fe9-37b4-4060-8953-90748d6475aa"
  }
}
```

My aim is to check whether the user's email is in the B2C tenant or not. Any help is appreciated.

DCodes
  • See my answer [here](https://stackoverflow.com/questions/62275609/no-access-token-returned-for-ad-b2c-user-when-requesting-microsoft-graph-delegat?rq=1). You must use vanilla AAD auth flows in a B2C tenant to get a token for Graph API. You can't use a User Flow. – Jas Suri - MSFT Nov 30 '20 at 12:13

1 Answer


Did you assign the application Delegated Permission or Application Permission for Microsoft Graph?

If Delegated (as the user), you’ll need to request the Graph scope in your client app before connecting to your server (from JavaScript, e.g.).

If Application permission, you’ll need to use the client credential flow described in https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token to get a new token, specifying Microsoft Graph as the scope and a client secret.

Scott McNeany
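Added example (not code from the question, the comment or the answer): a Python sketch of the server-side pieces the answer and comment point to. It inspects a token's `aud` claim to show why Graph rejects a user-flow token, builds the client-credentials token request from the linked doc, and builds an escaped Graph v1.0 `identities` filter for the email lookup. The tenant name `contoso`, the client id, the sample tokens and all helper names are constructed assumptions; nothing is sent over the network.

```python
import base64
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Graph's well-known app id

def unverified_claims(jwt):
    """Decode a JWT payload for diagnosis only; the signature is NOT checked."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def is_graph_token(claims):
    """True only when the token's audience is Microsoft Graph itself."""
    return str(claims.get("aud", "")).rstrip("/") in (GRAPH, GRAPH_APP_ID)

def token_request(tenant, client_id, client_secret):
    """(url, form) for the client-credentials grant from the linked doc."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    return url, {"grant_type": "client_credentials", "client_id": client_id,
                 "client_secret": client_secret, "scope": f"{GRAPH}/.default"}

def user_lookup_url(email, issuer):
    """Graph v1.0 query for a local account by its sign-in email."""
    safe = email.replace("'", "''")  # OData escapes a quote by doubling it
    flt = (f"identities/any(c:c/issuerAssignedId eq '{safe}' "
           f"and c/issuer eq '{issuer}')")
    return f"{GRAPH}/v1.0/users?$filter={quote(flt, safe='')}&$select=id"

def user_exists(graph_body):
    """Graph returns {"value": [...]}; an empty list means no match."""
    return bool(graph_body.get("value"))

def _sample_jwt(claims):
    """Constructed, unsigned token used only as sample input."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed samples: a user-flow token (aud = the app) and a Graph token.
B2C_TOKEN = _sample_jwt({"iss": "https://contoso.b2clogin.com/tid/v2.0/",
                         "aud": "11111111-1111-1111-1111-111111111111"})
GRAPH_TOKEN = _sample_jwt({"iss": "https://sts.windows.net/tid/", "aud": GRAPH})

if __name__ == "__main__":
    for name, tok in (("B2C user flow", B2C_TOKEN), ("Graph", GRAPH_TOKEN)):
        print(name, "accepted audience:", is_graph_token(unverified_claims(tok)))
    print(user_lookup_url("test@auxi.com", "contoso.onmicrosoft.com"))
```

The client secret in `token_request` belongs on a backend, not in the mobile or browser client; the app asks that backend whether the email exists.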