Microsoft Graph API Accessing basic info of a user that is outside tenancy


I am developing a multi-tenant web app managing the mail, contacts and calendar of users.

On the Azure AD management portal, I registered my app as multi-tenant and I manage to get OAuth tokens for people both outside and inside my tenancy, replacing the tenantId by "common" when querying the Authentication Code and Token endpoints.

Now, I would like to access calendar, mail and contacts info of people who signed in and consented to give permissions to my app.

I started simple, by querying the basic user info of a user inside tenancy like this:

GET https://graph.windows.net/-tennantId-/me?api-version=2013-11-08

or

GET https://graph.windows.net/-tennantId-/users/[email protected]?api-version=2013-11-08

{headers: {Authorization: "Bearer -accessToken-"}}

It works!

Now, how can I have access to information of users that are outside my tenancy? I tried

GET https://graph.windows.net/-tennantId-/me?api-version=2013-11-08

GET https://graph.windows.net/-tennantId-/users/[email protected]?api-version=2013-11-08

GET https://graph.windows.net/common/me?api-version=2013-11-08

GET https://graph.windows.net/common/users/[email protected]?api-version=2013-11-08,

I always end up having a 400 error: {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Invalid domain name in the request url."}}}

Any idea what I am doing wrong?

There are 1 answers

qnilab On BEST ANSWER

Ah-ah!

Forget the use of your tenant ID when talking with the Graph API if you develop a multi-tenant app with OAuth!

The equivalent to "common" when requesting a token for a user in or outside your tenancy is... "myorganization"!

This will work:

https://graph.windows.net/myorganization/me?api-version=2013-11-08

Oh, it was clearly written in the doc, but... but... MICROSOOOOOFT!!!
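The request shape discussed above, as an added example that is not part of the original question or answer: a Node.js helper that builds the `/me` call with the "myorganization" alias and rejects "common" before it reaches the Graph host. It goes one step beyond the answer by optionally pinning the URL to the `tid` (tenant ID) claim carried in the access token; the function names and the sample token are hypothetical and constructed for illustration.

```javascript
// Added example, not from the original post.
const GRAPH_HOST = "https://graph.windows.net";
const API_VERSION = "2013-11-08"; // version used in the question

// Read claims from a JWT access token WITHOUT verifying its signature.
// Good enough to pick a URL segment; never base authorization on it.
function readClaims(accessToken) {
  const parts = String(accessToken).split(".");
  if (parts.length !== 3) throw new Error("not a JWT access token");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// tenant: "myorganization" (alias resolved from the bearer token) or
// "token" to use the tid claim of the signed-in user's home tenant.
function buildMeRequest(accessToken, tenant = "myorganization") {
  if (tenant === "common") {
    // "common" only exists on the login endpoints; the Graph host returns
    // 400 "Invalid domain name in the request url."
    throw new Error('"common" is not a valid Graph tenant segment');
  }
  let segment = tenant;
  if (tenant === "token") {
    segment = readClaims(accessToken).tid;
    if (!/^[0-9a-f-]{36}$/i.test(segment || "")) {
      throw new Error("access token carries no usable tid claim");
    }
  }
  return {
    method: "GET",
    url: `${GRAPH_HOST}/${encodeURIComponent(segment)}/me?api-version=${API_VERSION}`,
    headers: { Authorization: `Bearer ${accessToken}` },
  };
}

// Constructed sample token: unsigned, with a placeholder tenant GUID.
function sampleToken() {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const claims = { tid: "11111111-2222-3333-4444-555555555555" };
  return [enc({ alg: "none" }), enc(claims), "sig"].join(".");
}
```

Pass the returned object to whatever HTTP client the app uses; the helper itself performs no network calls.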