I have added a Web Application in the Microsoft Application Registration Portal. I can view this app in the old Azure portal. When I try to configure this app as multi-tenant and set the Sign-on URL and the App ID URI values, an error pops up saying one of the values is invalid and the save fails. I can connect to this application using OAuth and get the required refresh and access tokens. Using these tokens in the Graph API I can get mails, contacts and calendar events from my Office 365 account. But this happens only for a single tenant. I need to be able to do this for multiple tenants and so I want to set this app as multi-tenant. If I create the application in Azure AD itself then I am able to set all the values but I cannot connect to this app using OAuth as the authentication fails with an error message saying

error=unauthorized_client&error_description=AADSTS70001%3a+Application+%2791470123-7e7e-4139-9922-ac95b0a6b383%27+is+not+supported+for+this+API+version.

I went through a few links like here, here and here but until now I haven't been able to find a solution. I am re-posting this as suggested here. Can anyone suggest what I must do to get through this?

Mainak

1 Answer

All applications created through the App Registration Portal have the Multi-Tenant flag set to True by default.

The issues you are facing here are likely due to the fact that the App Registration Portal created our new V2 Applications, while our old portals use our V1 Applications. As a result, when switching between portals and trying to make configuration changes, you will likely run into issues where our app model has changed, and certain properties exist in one place and not another.

Finally, it is important to note that we now have a V2 endpoint as well, which lines up with our V2 applications. You need to make sure you are using the right kind of application for the right endpoint.

Let me know if this helps!

Shawn Tabrizi
  • I am using https://login.microsoftonline.com/common/oauth2/v2.0 for authentication and tokens – Mainak Feb 18 '17 at 04:26
  • As we stated, the apps registered from the Microsoft Application Registration Portal support multi-tenant by default. Would you mind letting us know the exact issue you were handling? – Fei Xue Feb 20 '17 at 05:21
  • What is the specific endpoint you are targeting with the token you are acquiring? – Shawn Tabrizi Feb 20 '17 at 07:51
  • I am using https://graph.microsoft.com/v1.0/me/contacts for fetching contacts from Office 365. I have a CRM Web application in PHP and I need to sync the Office 365 contacts and calendar with this application. I am using OAuth 2.0 ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize" for authorization and "https://login.microsoftonline.com/common/oauth2/v2.0/token" for tokens). Do I need to use OpenID Connect also? – Mainak Feb 20 '17 at 14:43
  • I have created this web app using mary@mary21.onmicrosoft.com in the Microsoft Application Registration Portal. This account also has an Office 365 subscription. I am unable to connect to this app using any other account having an Office 365 subscription. Whenever I try to connect using any account other than mary@mary21.onmicrosoft.com I get the error "unauthorized client". – Mainak Feb 20 '17 at 14:44
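
A diagnostic helper for the endpoint question raised in the answer, added here as an example (it is not code from the question, the answer or Microsoft): it decodes the error redirect quoted in the question and reports which tenant segment and endpoint version a client's authorize and token URLs use. The function names are hypothetical, and the V1 URL shape (an /oauth2/ path without the v2.0 segment) is an assumption taken from the V1 endpoint's documented form.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed input: the error query string quoted in the question.
SAMPLE_ERROR = (
    "error=unauthorized_client&error_description=AADSTS70001%3a+Application+"
    "%2791470123-7e7e-4139-9922-ac95b0a6b383%27+is+not+supported+for+this+API+version."
)

def parse_oauth_error(query):
    """Decode the error parameters an authorization server appends to the redirect."""
    params = parse_qs(query.lstrip("?"), keep_blank_values=True)
    desc = params.get("error_description", [""])[0]
    code = re.search(r"\bAADSTS\d+\b", desc)
    app = re.search(r"Application '([0-9a-fA-F-]{36})'", desc)
    return {
        "error": params.get("error", [""])[0],
        "aadsts_code": code.group(0) if code else None,
        "app_id": app.group(1) if app else None,
        "description": desc,
    }

def describe_endpoint(url):
    """Return (tenant segment, endpoint version) for an Azure AD OAuth URL."""
    segs = [s for s in urlsplit(url).path.split("/") if s]
    if len(segs) < 3 or segs[1] != "oauth2":
        raise ValueError("not an Azure AD OAuth endpoint: " + url)
    # Assumption: V2 URLs carry a 'v2.0' segment after 'oauth2'; V1 URLs do not.
    return segs[0], ("v2" if segs[2] == "v2.0" else "v1")

def check_flow(authorize_url, token_url):
    """List mismatches between the two endpoints a client is configured with."""
    a_tenant, a_ver = describe_endpoint(authorize_url)
    t_tenant, t_ver = describe_endpoint(token_url)
    findings = []
    if a_ver != t_ver:
        findings.append(f"endpoint versions differ: authorize={a_ver}, token={t_ver}")
    if a_tenant != t_tenant:
        findings.append(f"tenant segments differ: authorize={a_tenant}, token={t_tenant}")
    return findings

if __name__ == "__main__":
    print(parse_oauth_error(SAMPLE_ERROR))
    base = "https://login.microsoftonline.com/common/oauth2/v2.0"
    print(check_flow(base + "/authorize", base + "/token"))
```

An empty list from check_flow means both URLs target the same endpoint version and tenant segment; whether the registered application matches that version still has to be confirmed in the portal it was created in.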