2

I've set up Azure B2C successfully, people can log in etc. Now I want to access Azure AD programmatically. So, I've created a new App Registration in my Azure AD B2C tenant, granted all the permissions possible, and granted Administrator consent. Essentially followed all the steps outlined here.

I can successfully retrieve an access token, but as soon as I call the Graph API, I get this error:

{
    "error": {
        "code": "Authorization_IdentityNotFound",
        "message": "The identity of the calling application could not be established.",
        "innerError": {
            "request-id": "7d96b137-c45c-4440-a14f-51227b9fa379",
            "date": "2017-09-21T08:24:56"
        }
    }
}

Other posts suggest that permissions are wrong (I've given ALL possible permissions for both MS Active Directory and Microsoft Graph), and / or no consent.

The weird thing is that if I call /users/.../drive/root/children I get a different error, indicating it can find my tenant:

{
    "error": {
        "code": "BadRequest",
        "message": "Tenant does not have a SPO license.",
        "innerError": {
            "request-id": "9018c1d1-f3a9-421d-9c9d-011ff710ed53",
            "date": "2017-09-21T08:30:11"
        }
    }
}

With the switch from Azure AD Graph to Microsoft Graph, it's hard to debug.

Boland

1 Answer

4

You can't use Microsoft Graph API for B2C yet. Follow this guide that uses Azure AD Graph API.

spottedmahn
  • 2
    Thank you! I've tried Azure AD Graph API, but the C# Client library doesn't seem to work with .NET Core 1.1... :( Why is MS stuff not compatible with each other :( – Boland Sep 21 '17 at 21:01
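
A debugging aid for the situation in this thread, added here as an example and not part of the original question or answer: it decodes the payload of an access token (without verifying the signature, so for diagnostics only) and reports which Graph API the `aud` claim targets, plus the tenant and application permissions the token carries. The claim names `tid`, `appid` and `roles` assume an Azure AD v1-format access token; the sample token and its values are constructed.

```python
import base64
import json

# Audience (`aud`) values that identify each Graph API (URI or resource app id).
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com": "Microsoft Graph",
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "https://graph.windows.net": "Azure AD Graph",
    "00000002-0000-0000-c000-000000000000": "Azure AD Graph",
}


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    return json.loads(_b64url_decode(parts[1]))


def describe_token(token):
    """Summarise the claims that decide which API and tenant a token is for."""
    claims = decode_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    return {
        "api": GRAPH_AUDIENCES.get(aud.lower(), "unknown audience: " + aud),
        "tenant_id": claims.get("tid"),
        "app_id": claims.get("appid"),
        "roles": claims.get("roles", []),  # application permissions, if any
    }


def make_sample_token(claims):
    # Constructed, unsigned sample token for offline use; not a real credential.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    sample = make_sample_token(
        {"aud": "https://graph.windows.net/", "tid": "constructed-tenant-id"})
    print(describe_token(sample))
```

Comparing the reported API with the endpoint being called shows whether the token was requested for the other Graph, and an empty `roles` list shows that the token carries no application permissions.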