
'Tenant for tenant GUID X does not exist' for own email account (I am the only member)

WBOY, 2024-02-13 16:20:09



Question content

I want to read the email for my personal account but I get a "Tenant for tenant guid x does not exist" message.

  • I created an application using single tenant on https://entra.microsoft.com/

  • Then I gave it permission to send emails

  • Then I created a client key

  • Then I use this code to get the token:

    import "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"

    // Client credentials flow: the secret authenticates the application itself, not a user.
    cred, err := confidential.NewCredFromSecret("{secret value}")
    if err != nil {
        log.Println(err)
        return
    }
    confidentialClient, err := confidential.New("https://login.microsoftonline.com/{tenant id}", "{client id}", cred)
    if err != nil {
        log.Println(err)
        return
    }
    scopes := []string{"https://graph.microsoft.com/.default"}
    // Try the token cache first, then fall back to requesting a new token.
    result, err := confidentialClient.AcquireTokenSilent(context.TODO(), scopes)
    if err != nil {
        result, err = confidentialClient.AcquireTokenByCredential(context.TODO(), scopes)
        if err != nil {
            log.Println(err)
            return
        }
    }
  • I successfully obtained the token using this code

    {
        "Account": {
            "AdditionalFields": null
        },
        "IDToken": {
            "RawToken": "",
            "AdditionalFields": null
        },
        "AccessToken": "{token}",
        "ExpiresOn": "2023-12-13T14:57:09.4905758-05:00",
        "GrantedScopes": [
            "https://graph.microsoft.com/.default"
        ],
        "DeclinedScopes": null
    }
  • Then I get the user id (I am the only user):

    req, err := http.NewRequest("GET", "https://graph.microsoft.com/v1.0/users", nil)
    if err != nil {
        log.Println(err)
        return
    }
    req.Header.Add("Authorization", "{token}")
    client := http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        log.Println(err)
        return
    }
    defer resp.Body.Close()
    body, err := io.ReadAll(resp.Body)
    if err != nil {
        log.Println(err)
        return
    }
  • But when I try to get the email:

    req, err := http.NewRequest("GET", "https://graph.microsoft.com/v1.0/users/{user_id}/messages", nil)
    if err != nil {
        log.Println(err)
        return
    }
    req.Header.Add("Authorization", "{token}")
    client := http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        log.Println(err)
        return
    }
    defer resp.Body.Close()
    body, err := io.ReadAll(resp.Body)
    if err != nil {
        log.Println(err)
        return
    }

I get:

{
    "error": {
        "code": "OrganizationFromTenantGuidNotFound",
        "message": "The tenant for tenant guid '0a6ac917-332a-4f47-881e-0b35fb1b2ab5' does not exist.",
        "innerError": {
            "oAuthEventOperationId": "c096c5c9-e743-4daa-9a97-d14d915e9842",
            "oAuthEventcV": "N0nHeUJm9gwnrFZefuEA4w.1.1",
            "errorUrl": "https://aka.ms/autherrors#error-InvalidTenant",
            "requestId": "c0272999-9743-44ee-98b5-947acc52e7d8",
            "date": "2023-12-13T19:11:22"
        }
    }
}

The ID in the error, 0a6ac917-332a-4f47-881e-0b35fb1b2ab5, is the tenant ID.

Solution

To read emails from a personal Outlook account, you need to switch to a delegated flow (such as the interactive flow or the authorization code flow) to generate the access token, and call the /me/messages endpoint.

Register a multi-tenant application with the account type "Accounts in any organizational directory (any Microsoft Entra ID tenant - multi-tenant) and personal Microsoft accounts (e.g. Skype, Xbox)":

If you are using interactive flows to generate tokens, make sure to enable the Public Client option:

Now add delegated permissions of type Mail.Read or Mail.ReadWrite, according to your needs, in your app registration:

To generate an access token using the interactive flow, you can refer to this sample Go code and then use the token to call the /me/messages endpoint:

package public_test

import (
    "context"

    "github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
)

func Example() {
    // The "common" authority accepts both organizational and personal Microsoft accounts.
    client, err := public.New("client_id", public.WithAuthority("https://login.microsoftonline.com/common"))
    if err != nil {
        // TODO: handle error
    }

    var result public.AuthResult
    scopes := []string{"https://graph.microsoft.com/.default"}

    // Use a cached account if one exists; otherwise sign in interactively.
    accounts, err := client.Accounts(context.TODO())
    if err != nil {
        // TODO: handle error
    }
    if len(accounts) > 0 {
        result, err = client.AcquireTokenSilent(context.TODO(), scopes, public.WithSilentAccount(accounts[0]))
    }
    if err != nil || len(accounts) == 0 {
        result, err = client.AcquireTokenInteractive(context.TODO(), scopes)
        if err != nil {
            // TODO: handle error
        }
    }
    _ = result.Account
    _ = result.AccessToken
}

You can also log in to Graph Explorer using that account and run the following query to get the emails:

GET https://graph.microsoft.com/v1.0/me/messages

Response:

Reference:

microsoft-authentication-library-for-go/apps/public/example_test.go at main · AzureAD/microsoft-authentication-library-for-go · GitHub
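
A diagnostic for the mismatch discussed above, as an added example that is not part of the original question or answer: it decodes an access token's payload without verifying it and reports whether the token is app-only (a `roles` claim, as issued by the client credentials flow) or delegated (an `scp` claim, as issued by an interactive or authorization code flow), together with the issuing tenant in `tid`. The function names and the sample token are constructed for illustration; a token that is not a three-part JWT is reported as opaque.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// tokenClaims holds the access-token claims that tell the two flows apart.
type tokenClaims struct {
	TenantID string   `json:"tid"`   // tenant that issued the token
	Scopes   string   `json:"scp"`   // delegated permissions (signed-in user)
	Roles    []string `json:"roles"` // application permissions (app-only)
}

// classifyToken decodes the payload WITHOUT verifying the signature: diagnostics only.
func classifyToken(raw string) (kind, tenant string, err error) {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return "", "", fmt.Errorf("not a three-part JWT; treat the token as opaque")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", "", fmt.Errorf("payload is not base64url: %w", err)
	}
	var c tokenClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return "", "", fmt.Errorf("payload is not JSON: %w", err)
	}
	switch {
	case c.Scopes != "":
		return "delegated", c.TenantID, nil // a user is present, so /me resolves
	case len(c.Roles) > 0:
		return "app-only", c.TenantID, nil // no user: only /users/{id} paths apply
	default:
		return "unknown", c.TenantID, nil
	}
}

// sampleToken builds an unsigned, constructed token for the demonstration.
func sampleToken(claimsJSON string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(claimsJSON)) + ".sig"
}

func main() {
	// Constructed claims: the tenant GUID from the error above plus an application role.
	fmt.Println(classifyToken(sampleToken(`{"tid":"0a6ac917-332a-4f47-881e-0b35fb1b2ab5","roles":["Mail.Read"]}`)))
}
```
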


Statement:
This article is reproduced from stackoverflow.com. If there is any infringement, please contact admin@php.cn to have it deleted.