invalid_resource error while authentication

Dynamics Admin 0 Reputation points
2024-06-24T04:28:43.76+00:00

I'm getting this error while calling the OAuth API for a service account: AADSTS500011: The resource principal named ******** was not found in the tenant name.. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.


1 answer

  1. Deepanshukatara-6769 10,300 Reputation points
    2024-06-24T04:40:06.43+00:00

    Hi, Welcome to MS Q&A

    Here are the steps to troubleshoot and resolve this issue:

    Verify Application Registration

    Ensure that the application (resource principal) is registered correctly in your Azure AD tenant:

    1. Azure Portal: Go to the Azure Portal.
    2. Azure Active Directory: Navigate to Microsoft Entra > App registrations.
    3. Check Application: Find and select your application from the list. Verify that the application is indeed registered.

    Check API Permissions

    Ensure the application has the necessary API permissions granted:

    1. API Permissions: Within the application registration, go to API permissions.
    2. Check Permissions: Ensure the required permissions are listed.
    3. Grant Admin Consent: If the permissions require admin consent, click on Grant admin consent.

    Tenant-Specific URLs

    Ensure that your OAuth request is being sent to the correct tenant. This can be specified in your OAuth endpoints:

    1. Common Endpoint: Using the https://login.microsoftonline.com/common endpoint is useful for multi-tenant applications.
    2. Tenant-Specific Endpoint: If your application is single-tenant, use https://login.microsoftonline.com/{tenant-id} where {tenant-id} is the ID of your AAD tenant.

    Ensure Proper Scopes

    Verify that the scopes you are requesting in the OAuth token request are valid and correctly specified. Please check this doc for detailed information: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-expose-web-apis#add-a-scope

    Consent to Application

    If the application requires user or admin consent, ensure that this has been granted:

    1. User Consent: A user might need to sign in and consent to the application.
    2. Admin Consent: For permissions requiring admin consent, an admin must sign in and grant the permissions.

    Kindly check the above points and let us know if you have any questions. Please accept the answer if it helps.
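Added example, not part of the original question or answer: a small Python check that compares a token request with the AADSTS500011 response it produced, covering the tenant-endpoint and scope points from the answer above. The tenant ID, `api://` resource URI, tenant name and the helper names are constructed for illustration, and the error body is modelled on the message quoted in the question.

```python
import json
import re
from urllib.parse import urlsplit

# Endpoint aliases that do not name one specific directory.
GENERIC_TENANTS = {"common", "organizations", "consumers"}

def tenant_from_url(token_url):
    """Return the tenant segment of a login.microsoftonline.com token URL."""
    segments = [s for s in urlsplit(token_url).path.split("/") if s]
    return segments[0] if segments else ""

def resource_from_scope(scope):
    """'<resource>/<permission>' -> '<resource>' for the first scope listed."""
    first = scope.split()[0]
    return first.rsplit("/", 1)[0]

def diagnose(token_url, scope, expected_tenant_id, error_body):
    """Compare a token request with the AADSTS500011 response it produced."""
    desc = json.loads(error_body).get("error_description", "")
    if "AADSTS500011" not in desc:
        return {"issues": ["response is not AADSTS500011"]}
    issues = []
    tenant = tenant_from_url(token_url)
    if tenant.lower() in GENERIC_TENANTS:
        issues.append(f"request went to generic endpoint /{tenant}")
    elif tenant.lower() != expected_tenant_id.lower():
        issues.append(f"request went to tenant {tenant}, expected {expected_tenant_id}")
    match = re.search(r"resource principal named (\S+) was not found", desc)
    looked_up = match.group(1) if match else None
    requested = resource_from_scope(scope)
    if looked_up and looked_up.rstrip("/") != requested.rstrip("/"):
        issues.append(f"scope names {requested} but {looked_up} was looked up")
    if not issues:
        issues.append(f"no service principal for {looked_up} in tenant {tenant}")
    return {"tenant": tenant, "resource": looked_up, "issues": issues}

# Constructed sample values, not taken from the page.
TENANT_ID = "11111111-1111-1111-1111-111111111111"
SCOPE = "api://22222222-2222-2222-2222-222222222222/.default"
ERROR_BODY = json.dumps({
    "error": "invalid_resource",
    "error_description": "AADSTS500011: The resource principal named "
    "api://22222222-2222-2222-2222-222222222222 was not found in the tenant "
    "named Contoso. This can happen if the application has not been installed.",
})

if __name__ == "__main__":
    url = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
    print(diagnose(url, SCOPE, TENANT_ID, ERROR_BODY))
```

When the endpoint and scope both check out, the remaining finding points back to the registration and consent steps: the resource named in the error has no service principal in the tenant the request reached.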
