azure - B2B with Microsoft Graph
As you know, I'm creating a multi-tenant Azure application using the B2B functionality.
I'm testing the B2B functionality, and after some research I got a working sample.
Small summary: the user authenticates against the common authority; the first token is acquired via the common authority's authorization code; then, every time I need a service client, I try to obtain tokens for the 'current tenant's' authority.
When I request 'me', it works against the home tenant. When I request me on the trusted tenant, I get the error that the user identifier does not exist in the directory. That's because the user does not exist in the trusted tenant.
When I request users, it works fine. I can see both home tenant users and trusted tenant users.
Is this normal behaviour? Do I need to handle this programmatically, or has it been solved using AD Graph? (So when I know I need user info, query the home tenant?) Or is it a bug?
Any thoughts on this are appreciated!
Guests added to a directory via the B2B collaboration feature do not work correctly on multi-tenant apps or Microsoft Graph if you're using the common endpoint.
The common endpoint authenticates the user against his/her home tenant, not against the tenant where (s)he is a guest.
In order to query /me for a guest, you'll need to have them sign in through the tenant-specific endpoint of the tenant they're a guest in.
See my answer on this other post for a more in-depth explanation / context: Can users of an unmanaged Azure AD directory sign in to an Azure AD multi-tenant application that resides in a different directory?
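The point of the answer above is that a token is bound to the tenant that issued it (the `tid` claim), so a token obtained through the common endpoint belongs to the user's home tenant and `/me` against the trusted tenant cannot find the user. The following is an added example, not code from the question or the answer: it reads the `tid` claim from an access token (without verifying the signature, purely to route the call) and checks that the token's tenant matches the tenant you intend to query before issuing `/me`. The tenant ids, the unsigned token builder and the helper names (`plan_graph_call`, `token_claims`, `authority`) are constructed for this example and are not part of any Microsoft library.

```python
import base64
import json

# Constructed placeholder tenant ids for the example; not real tenants.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
GUEST_TENANT = "22222222-2222-2222-2222-222222222222"

GRAPH_ME = "https://graph.microsoft.com/v1.0/me"


def authority(tenant):
    """Authority URL for a tenant: 'common' or a tenant id / verified domain."""
    return f"https://login.microsoftonline.com/{tenant}"


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def token_claims(jwt):
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.

    Use only to decide which tenant a token you obtained yourself belongs to;
    never for authorization, since nothing here proves the token is genuine.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def make_unsigned_jwt(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


def plan_graph_call(access_token, target_tenant):
    """Decide whether GET /me is meaningful for this token against target_tenant.

    Returns (True, graph_url) when the token was issued by target_tenant, or
    (False, explanation) when it was issued elsewhere (for example by the home
    tenant via the common endpoint), in which case the user must sign in through
    the target tenant's own authority first.
    """
    tid = token_claims(access_token).get("tid")
    if tid != target_tenant:
        return False, (
            f"token issued by tenant {tid}; sign the user in through "
            f"{authority(target_tenant)} before calling /me there"
        )
    return True, GRAPH_ME


if __name__ == "__main__":
    # Token obtained via the common endpoint: issued by the home tenant.
    common_token = make_unsigned_jwt({"tid": HOME_TENANT, "oid": "user-object-id"})
    print(plan_graph_call(common_token, GUEST_TENANT))
    # Token obtained via the guest tenant's own authority: /me is valid there.
    guest_token = make_unsigned_jwt({"tid": GUEST_TENANT, "oid": "guest-object-id"})
    print(plan_graph_call(guest_token, GUEST_TENANT))
```

In practice the second token comes from acquiring it with `authority(GUEST_TENANT)` rather than `authority("common")`; the check above simply makes the mismatch visible before Graph returns the "user identifier does not exist in the directory" error.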