
I have an AAD Application - ABC, that needs to access another application XYZ via an exposed API which is - "api://XYZ/general". I'm trying to use the MSAL library and the ConfidentialClientApplication mechanism, but it is constantly giving me an error stating -

AADSTS500011: The resource principal named api://XYZ/general was not found in the tenant named ***. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Can someone please assist me on how to resolve this error? I have been blocked on this for quite some time now.

Trying to get an access token to use Easy Start APIs. Code:

import msal

# app is the Flask application whose config holds AUTHORITY, TENANT, CLIENT_ID
# and OB_SCOPE (a list of scope strings, e.g. ["api://XYZ/general"])
authority = app.config["AUTHORITY"] + '/' + app.config["TENANT"]

aadApp = msal.PublicClientApplication(app.config["CLIENT_ID"], authority=authority)

result = None
accounts = aadApp.get_accounts()
if accounts:
    # If a user account exists, use it to acquire a token silently
    result = aadApp.acquire_token_silent(scopes=app.config["OB_SCOPE"], account=accounts[0])

if not result:
    # No user account or token acquisition failed, perform interactive authentication
    result = aadApp.acquire_token_interactive(scopes=app.config["OB_SCOPE"])

if "access_token" not in result:
    # Surface the AADSTS error returned by the token endpoint instead of a bare KeyError
    raise RuntimeError(result.get("error_description", result))

access_token = result['access_token']

Error: (screenshot)

1 Answer


I have one application named WebAPI where I exposed an API with the same scope as you:


Now, I registered one Azure AD application named ClientApp18 and added the above permissions in the API permissions tab:


To generate an access token, I directly used the interactive flow by modifying your Python code:

import msal

tenant_id = "fb134080-e4d2-45f4-9562-fxxxxxxxxx0"
client_id = "3b48a780-de28-4576-b1c5-exxxxxxxx2"

scopes = ["api://5bc992e5-b3f8-4cfc-8197-aexxxxxxa/general"]

authority = f"https://login.microsoftonline.com/{tenant_id}/"

aadApp = msal.PublicClientApplication(client_id, authority=authority)

result = aadApp.acquire_token_interactive(scopes=scopes)

if "access_token" in result:
    access_token = result['access_token']
    print("Access token:", access_token)
else:
    print("Interactive authentication failed. Please check your Azure AD configuration.")
    # MSAL returns the AADSTS error code and description in the result dict
    print(result.get("error"), result.get("error_description"))

When I ran the above code, a new window opened to pick an account to sign in, like this:


Make sure to select the right user account from the same tenant where the applications exist, and you will get the below screen once authentication is successful:


After authenticating, I got the access token successfully in the output console:


To confirm that, I decoded the above token in jwt.ms and got aud & scp claims with the correct values:


In your case, check whether you are already logged in with a user from a different tenant than the tenant where the applications exist, or have passed the wrong tenantID in the code.

When I ran the code by selecting a user from a different tenant or including the wrong tenantID, I got a similar error as you:


To resolve the error, try to use the interactive flow directly as I mentioned, by signing in with the right user account from the same tenant where the applications exist, and check whether you are using the right tenantID or not.

Sridevi
  • I tried similar steps to those you mentioned, and I'm still facing the same issue. I'm using the same tenant ID and my user is also in the same tenant. Still getting the same issue. Just curious, could this error occur if `WebAPI` has not granted admin consent to `ClientApp18` in your case? – Sunamya Gupta Jul 18 '23 at 16:12
  • In my case, I signed in with user of different tenant by passing wrong `tenantID`. Have you granted **admin consent** to added API permissions? – Sridevi Jul 18 '23 at 16:17
  • Did you run same code as mine and still got same error? Could you include exposed API and API permissions screenshot by editing your question? – Sridevi Jul 18 '23 at 16:19
  • Sorry, I made a mistake above. My applications are in two different tenants. Application1, which has exposed an API, is in tenant1, and Application2 (multi-tenant AAD app), which wants to use that exposed API, is in tenant2. But we already have an enterprise application of Application1 in tenant2. – Sunamya Gupta Jul 18 '23 at 17:22
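The answer verifies the token by pasting it into jwt.ms and eyeballing the aud and scp claims. The script below is an added example (not code from the question or the answer) that automates that check in Python: it decodes the JWT payload without verifying the signature (inspection only, never an authorization decision) and compares the tid, aud and scp claims with the tenant and scope the client expected, which is exactly what goes wrong when the sign-in lands in the wrong tenant. The tenant ID, Application ID URI and the unsigned token are constructed placeholders, not the real values from this thread.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_jwt_payload(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.
    Good enough to see which tenant issued the token and for which resource;
    never use unverified claims to authorize anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_token_claims(token: str, expected_tid: str, expected_aud: str, required_scope: str) -> list:
    """Compare tid (issuing tenant), aud (resource) and scp (delegated scopes) with what
    the client asked for. Returns a list of mismatch descriptions; empty means OK.
    Note: for a v1.0 token aud is the Application ID URI (api://...), for a v2.0 token
    it is usually the API's client ID, so pass whichever form your API expects."""
    claims = decode_jwt_payload(token)
    problems = []
    if claims.get("tid") != expected_tid:
        problems.append(f"tid {claims.get('tid')!r} != expected tenant {expected_tid!r}: token came from another tenant")
    if claims.get("aud") != expected_aud:
        problems.append(f"aud {claims.get('aud')!r} != expected resource {expected_aud!r}")
    scopes = str(claims.get("scp", "")).split()   # scp is a space-separated string
    if required_scope not in scopes:
        problems.append(f"scope {required_scope!r} not present in scp {scopes}")
    return problems


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned (alg 'none') test token so the check runs offline."""
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample values (placeholders, not real tenant or application IDs)
TENANT = "00000000-0000-0000-0000-000000000001"
API_URI = "api://00000000-0000-0000-0000-0000000000aa"
SAMPLE_TOKEN = make_unsigned_token({"tid": TENANT, "aud": API_URI, "scp": "general"})

if __name__ == "__main__":
    print(check_token_claims(SAMPLE_TOKEN, TENANT, API_URI, "general") or "claims match")
```

With a real token from acquire_token_interactive, call check_token_claims(result["access_token"], tenant_id, <your API's aud>, "general") and any non-empty result tells you which of tenant, resource or scope was wrong.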