AADSTS700016 - not found in the directory 'Bot Framework'

itay4 36 Reputation points
2024-08-15T07:51:06.31+00:00

Hi, I created an Azure bot (https://portal.azure.com/#create/Microsoft.AzureBot), and everything was working fine—I successfully sent requests using this bot. However, I suddenly encountered this error:

Error: Failed to get bot access token [400] - AADSTS700016: Application with identifier 'XXX' was not found in the directory 'Bot Framework'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

What could be causing this issue? Why might this have happened, and how can I resolve this error?
Thanks.


2 answers

  1. Sayali-MSFT 2,416 Reputation points Microsoft Vendor
    2024-08-16T10:24:46.7+00:00

    Hi @itay4 - This error appears in various scenarios. Please review the following steps.

    1. Ensure correct AppId of the application, which is sent as the ClientID in the request.

    2. Basically, OAuth2 utilizes the ClientID in the request and matches it with the AppId from the application registration. Similarly, SAML2 uses the EntityId in the request and compares it to the App URI ID of the application registration. It is important to note that the AppId differs from the Application's Object ID, the Service Principal, also known as the Enterprise Apps Object ID, or the Directory ID.

    3. Verify whether the application is designed to support a single tenant or multiple tenants. If it is meant to be a single-tenant application and the user signing in is a guest in the directory where the application is registered, make sure the sign-in endpoint (also known as the authority) being used is: https://login.microsoftonline.com/{your-tenant-id}/


  2. YutongTie-MSFT 51,611 Reputation points
    2024-08-22T00:37:09.81+00:00

    Hello,

    Thanks for reaching out to us, we have not heard back from you. In addition to the answer provided above as the first two items, please also check other steps -

    Verify Application Registration:

    • Go to the Azure portal and navigate to Azure Active Directory > App registrations.
    • Search for the application ID mentioned in the error message.
    • Confirm that the application is listed and check its configuration.

    Check the Tenant:

    • Make sure you're sending requests to the correct tenant. Verify the tenant ID and ensure that your bot is registered in that tenant.
    • Check if the directory ID of your Azure AD matches the one used in the bot configuration.

    Recheck Application Credentials:

    • In the Azure portal, navigate to Azure Active Directory > App registrations > your bot application.
    • Verify the Client ID and Client Secret (if applicable). Ensure they match those used in your bot’s configuration.

    Review Permissions and Consent:

    • Check if the bot has the required API permissions under API permissions in the Azure portal.
    • Ensure that any required admin consent has been granted for these permissions.

    Update and Correct Redirect URIs:

    • Verify the redirect URIs configured in the Azure portal for your application.
    • Ensure these URIs match those used in your bot’s requests.

    Recreate the Bot Registration:

    • If the issue persists, consider re-registering the bot application. This involves deleting the existing registration and creating a new one, ensuring that all configurations are correct.

    I hope this helps. Let us know if you need any other help.

    Regards,

    Yutong

    -Please kindly accept the answer if you feel helpful to support the community, thanks a lot.

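The AppId and tenant checks from both answers can be run offline against the error text and the token URL the bot called. This is an added example, not part of either answer and not Microsoft's code. Assumptions: the `cfg` keys and all GUIDs are constructed sample values, and the `botframework.com` token URL is assumed to be the authority behind the directory name 'Bot Framework'.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ERR = re.compile(r"AADSTS700016: Application with identifier '([^']+)' "
                 r"was not found in the directory '([^']+)'")

def diagnose(error_text, token_url, cfg):
    """Return findings for an AADSTS700016 failure (offline, no network calls)."""
    m = ERR.search(error_text)
    if not m:
        return ["not an AADSTS700016 error"]
    sent_id, directory = m.group(1), m.group(2)
    # The first path segment of the token URL is the tenant the request went to.
    authority_tenant = urlparse(token_url).path.strip("/").split("/")[0].lower()
    findings = []
    # Answer 1, steps 1-2: the client_id must be the AppId, not another ID.
    if not GUID.match(sent_id):
        findings.append(f"client_id '{sent_id}' is not a GUID; expected the AppId")
    elif sent_id.lower() == cfg.get("object_id", "").lower():
        findings.append("client_id is the Object ID, not the AppId (client ID)")
    elif sent_id.lower() != cfg["app_id"].lower():
        findings.append("client_id differs from the registered AppId")
    # Answer 1, step 3: a single-tenant app must use its own tenant's authority.
    if cfg["app_type"] == "SingleTenant" and authority_tenant != cfg["tenant_id"].lower():
        findings.append(f"single-tenant app, but token request went to "
                        f"'{authority_tenant}' (directory '{directory}'); use "
                        f"https://login.microsoftonline.com/{cfg['tenant_id']}/")
    return findings or ["AppId and authority look consistent; "
                        "check that the registration still exists"]

# Constructed sample values (not from the original post).
SAMPLE_CFG = {"app_id": "11111111-1111-1111-1111-111111111111",
              "object_id": "22222222-2222-2222-2222-222222222222",
              "tenant_id": "33333333-3333-3333-3333-333333333333",
              "app_type": "SingleTenant"}
SAMPLE_ERROR = ("Failed to get bot access token [400] - AADSTS700016: Application "
                "with identifier '11111111-1111-1111-1111-111111111111' was not "
                "found in the directory 'Bot Framework'.")
SAMPLE_URL = "https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token"

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_ERROR, SAMPLE_URL, SAMPLE_CFG):
        print("-", finding)
```
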
