"The tenant for tenant guid does not exist" even though user is listed on users endpoint?

Question

I'm trying to integrate with Outlook's APIs (more specifically I want to list a users' contacts, and be able to do some CRUD on them).

I created an Azure account, an Office 365 developer account, and an application on Azure.

I am able to get an access token using the login endpoint, like below:

https://login.microsoftonline.com/<tenant_id>/oauth2/token

And I am able to retrieve the list of users or get a user's details with the /users endpoint using the bearer token too. The result of the "get user" method returns something like this:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
  "businessPhones": [],
  "displayName": "Renato Oliveira",
  "givenName": "Renato",
  "jobTitle": null,
  "mail": null,
  "mobilePhone": null,
  "officeLocation": null,
  "preferredLanguage": null,
  "surname": "Oliveira",
  "userPrincipalName": "renato.company.com.br#EXT#@renatocompanycom.onmicrosoft.com",
  "id": "<user_id>"
}

Of course, this is using the /users endpoint passing the user_id on it:

https://graph.microsoft.com/v1.0/users/<user_id>

I can't, however, get this users's contacts. When I send a GET request to the endpoint below

https://graph.microsoft.com/v1.0/users/<user_id>/contacts

I get the error below:

{
  "error": {
    "code": "OrganizationFromTenantGuidNotFound",
    "message": "The tenant for tenant guid '<my_active_directory_tenant_id>' does not exist.",
    "innerError": {
      "request-id": "<request_id>",
      "date": "2019-03-18T20:43:16"
    }
  }
}

---

Why is this happening? Why does it work with /users but not with /users/{id}/contacts, even though the application has all permissions activated, and admin consent was granted for the Default Directory?

Answer 1

I didn't reproduce your issue on my side. My steps are as below for your reference.

1.Register an Application on Azure portal and grant it graph permission.

2.Get the access token.

3.Before calling the api, you need to confirm that the account needs to be a valid email address. Mine is demo101@**.onmicrosoft.com.

4.Call the graph api.

Answer 2

Authenticate with your own identity: This will use your own identity (the app identity). This OAuth flow is called client credentials grant flow.

'Authenticate with your own identity' is not an allowed method for Microsoft Personal accounts.

Check this source here, if any of us are using a personal account then the client credentials flow won't work for us. https://github.com/O365/python-o365#authentication-steps