
I'm trying to get data of the signed-in user from Microsoft Azure using GraphServiceClient.

My app registration permissions:

[screenshot]

Type of registration is:

Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)

ID Token is selected:

[screenshot]

API Permissions for my app:

[screenshot]

When I log in with my email ***@hotmail.com, I get my profile when I call:

        var currentUser = await _graphServiceClient.Me.Request().GetAsync();

But for another account, with a custom domain (but registered for Office 365), I get:

        ServiceException: Code: Authorization_RequestDenied
        Message: Insufficient privileges to complete the operation.

What is different, and how do I fix it?

Oleg Sh

  • `for other account, with custom domain (but registered for office365)` I trust you set some properties like domain/client_id and so on to make your app integrate Azure AD, which allows you to sign in with your account. Maybe by default, when you use an account that is in the same tenant where the Azure AD app is registered, sign-in will succeed, but it will fail when you use an account that is not in that tenant. That's because you used a multi-tenant Azure AD app but you didn't consent to the app in the other tenant, the one your other account (which failed to sign in) belongs to. – Tiny Wang May 10 '22 at 07:56
  • If my guess is right, you may check [this section](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent#construct-the-url-for-granting-tenant-wide-admin-consent) to give the multi-tenant app admin consent to another tenant. – Tiny Wang May 10 '22 at 08:01
  • @TinyWang, it seems it depends on `Starting November 9th, 2020 end users will no longer be able to grant consent to newly registered multitenant apps without verified publishers. Add MPN ID to verify publisher`. I found my old registered app and have this problem: https://stackoverflow.com/questions/71975537/get-pp-e-rps-reason-offeractions-invalid-error-key – Oleg Sh May 10 '22 at 11:59
  • Hi @Oleg Sh, can you please share your query details so that I can check the logs? Please provide the Client ID, Request ID and the timestamp, and also please check the permissions here and see if all permissions are provided; details are in this [DOC](https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=csharp#permissions). Thanks – Mehtab Siddique May 13 '22 at 05:09
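
The check that Tiny Wang's comments point to, as an added example that is not part of the original thread: it reads the `tid` claim from the signed-in user's ID token (decoded without signature validation, for diagnostics only) and, for a work or school tenant, builds the tenant-wide admin consent URL in the format given in the linked Microsoft documentation. `ConsentDiagnostics`, `FakeToken`, the sample tenant GUID and the client ID are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class ConsentDiagnostics
{
    // Tenant ID Microsoft uses for all personal (consumer) Microsoft accounts.
    const string ConsumerTenantId = "9188040d-6c67-4c5b-b112-36a304b66dad";

    // Reads "tid" from the ID token payload. The signature is NOT validated:
    // use this for troubleshooting only, never for an authorization decision.
    public static string GetTenantId(string idToken)
    {
        var parts = idToken.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using var doc = JsonDocument.Parse(json);
        if (!doc.RootElement.TryGetProperty("tid", out var tid))
            throw new FormatException("Token has no tid claim.");
        return tid.GetString() ?? throw new FormatException("tid is null.");
    }

    // Returns null for personal accounts (there is no tenant admin to ask);
    // otherwise the URL an admin of the user's home tenant opens to consent.
    public static string AdminConsentUrl(string idToken, string clientId)
    {
        var tid = GetTenantId(idToken);
        if (!Guid.TryParse(tid, out _)) throw new FormatException("tid is not a GUID.");
        if (string.Equals(tid, ConsumerTenantId, StringComparison.OrdinalIgnoreCase))
            return null;
        return $"https://login.microsoftonline.com/{tid}/adminconsent" +
               $"?client_id={Uri.EscapeDataString(clientId)}";
    }

    // Constructed, unsigned sample token ("e30" is base64url for "{}").
    static string FakeToken(string payloadJson) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        const string clientId = "00000000-0000-0000-0000-000000000000"; // placeholder
        var personal = FakeToken("{\"tid\":\"" + ConsumerTenantId + "\"}");
        var work = FakeToken("{\"tid\":\"11111111-2222-3333-4444-555555555555\"}");
        Console.WriteLine(AdminConsentUrl(personal, clientId) ?? "personal account: no admin consent");
        Console.WriteLine(AdminConsentUrl(work, clientId));
    }
}
```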
