Unable to authenticate to Graph API using client credentials flow

Shajedul Alam 0 Reputation points
2025-01-13T16:30:29.0666667+00:00

Hello,

I am trying to connect to our Azure app using the Graph API and the client credentials workflow.

In Postman, I am getting an error on token authentication.

Error:

"error": "unauthorized_client",

"error_description": "AADSTS700016: Application with identifier 'bb7b2cff-c2f4-4a39-bfbd-3f932e384c32' was not found in the directory 'phreesia.com'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Trace ID: ff69ad31-3894-4afb-9b48-14b56a0e7200 Correlation ID: dfba47c9-a4f2-44e0-ac5e-7c2d9382555b Timestamp: 2025-01-13 16:26:50Z",

Token endpoint: https://login.microsoftonline.com/14b42516-568f-483b-a141-800cfd1be324/oauth2/token

I have set up the app and provided the Graph API permissions. I am not sure what is missing here. Can you please assist?

Thank you

Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.

2 answers

  1. Rajat Vashistha-MSFT 265 Reputation points Microsoft Vendor
    2025-01-13T16:51:04.8366667+00:00

    Hi Shajedul Alam,

    Thank you for contacting Microsoft!

    This error can occur if the application is not enabled for multi-tenant support or if consent has not been granted by the resource tenant.

    To troubleshoot this issue, please follow these steps:

    Verify in the home directory where the application is registered that it supports multi-tenant account types.

    Log in to Entra ID >> Go to App Registration >> select the app >> Click on Authentication


    Once the application is enabled for multi-tenancy, ask the administrator of the resource directory to provide consent to the application first. This can be done using the following URL:

    https://login.microsoftonline.com/common/adminconsent?client_id=your_client_id

    After the consent is given, try logging in to the application again to see if the issue persists.

    If the application is meant for a single tenant only, here are some steps to resolve the issue:

    1. Verify Tenant ID: Confirm that the tenant ID is correct for the phreesia.com directory.
    2. Admin Consent: Confirm if admin consent is granted by the global admin.
    3. Check App Registration: Go to the Azure portal and navigate to Azure Active Directory > App registrations. Make sure the app with the Client ID is registered under the correct tenant.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.


  2. CarlZhao-MSFT 44,851 Reputation points
    2025-01-14T07:23:59.8933333+00:00

    Hi @Shajedul Alam

    This is because the permissions you assigned to the calling app have not been consented to by the admin. Application permissions are tenant-wide and each application permission must be consented to by the admin.

    Try logging in to your MS Entra ID as a global admin, then find the calling app and grant admin consent for the application permissions.


    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
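
A small triage helper for the error quoted in the question, added here as an example (it is not code from the thread or from Microsoft): it parses the token endpoint's JSON error body, pulls out the AADSTS code, client ID, directory and trace IDs, and pairs them with the checks the two answers recommend. The names `triage` and `CHECKS` are hypothetical; the sample input is the endpoint and response as posted in the question.

```python
import json
import re
from urllib.parse import urlparse

# Token endpoint and error body as quoted in the question (sample input).
TOKEN_ENDPOINT = ("https://login.microsoftonline.com/"
                  "14b42516-568f-483b-a141-800cfd1be324/oauth2/token")
ERROR_BODY = json.dumps({
    "error": "unauthorized_client",
    "error_description": (
        "AADSTS700016: Application with identifier "
        "'bb7b2cff-c2f4-4a39-bfbd-3f932e384c32' was not found in the "
        "directory 'phreesia.com'. This can happen if the application has "
        "not been installed by the administrator of the tenant or consented "
        "to by any user in the tenant. You may have sent your authentication "
        "request to the wrong tenant. Trace ID: "
        "ff69ad31-3894-4afb-9b48-14b56a0e7200 Correlation ID: "
        "dfba47c9-a4f2-44e0-ac5e-7c2d9382555b Timestamp: 2025-01-13 16:26:50Z"),
})

# Checks paraphrased from the two answers, keyed by AADSTS code (hypothetical table).
CHECKS = {
    "AADSTS700016": [
        "tenant ID in the token URL is correct for the named directory",
        "app with this client ID is registered under that tenant",
        "multi-tenant app: resource directory admin has granted consent",
        "application permissions have admin consent",
    ],
}

def triage(token_endpoint, body):
    """Extract the fields needed to debug a failed client-credentials request."""
    doc = json.loads(body)
    desc = doc.get("error_description", "")
    def grab(pattern):
        m = re.search(pattern, desc)
        return m.group(1) if m else None  # None when the field is absent
    code = grab(r"\b(AADSTS\d+)\b")
    return {
        "error": doc.get("error"),
        "code": code,
        "client_id": grab(r"identifier '([^']+)'"),
        "directory": grab(r"directory '([^']+)'"),
        "trace_id": grab(r"Trace ID: ([0-9a-f-]{36})"),
        "correlation_id": grab(r"Correlation ID: ([0-9a-f-]{36})"),
        # The first path segment of the token URL is the tenant being addressed.
        "url_tenant": urlparse(token_endpoint).path.strip("/").split("/")[0],
        "checks": CHECKS.get(code, []),
    }
```

Compare `url_tenant` and `client_id` in the result against the Overview page of the app registration; the trace and correlation IDs are the values to quote when opening a support case.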

