How to resolve Authorization_IdentityNotFound for Python daemon app

Grady 0 Reputation points
2023-01-11T16:40:35.1433333+00:00

I am attempting to follow the quickstart guide for the python daemon application and am getting the following error:

"code": "Authorization_IdentityNotFound",

"message": "The identity of the calling application could not be established."

I am using the exact same code as the python daemon app quickstart guide, with the secret ID and client ID obtained from the app registration. Permissions for User.Read.All are granted with admin consent.

I am trying to give consent as the admin of the tenant, but I'm getting an error when I try to verify. I get:
Request Id: bc1a7a66-5d8c-49a8-8030-c5e6a046ba00
Correlation Id: a8fe72d4-fb4d-4628-b97d-6e9c6902e9e9
Timestamp: 2023-01-11T15:25:06Z
Message: AADSTS500113: No reply address is registered for the application.

import sys  # For simplicity, we'll read config file from 1st CLI param sys.argv[1]
import json
import logging
import requests
import msal
import onedrivesdk_fork as onedrivesdk

# Optional logging
# logging.basicConfig(level=logging.DEBUG)
config = json.load(open('parameters.json'))

# Create a preferably long-lived app instance which maintains a token cache.
app = msal.ConfidentialClientApplication(
    config["client_id"], authority=config["authority"],
    client_credential=config["secret"],
    # token_cache=...  # Default cache is in memory only.
                       # You can learn how to use SerializableTokenCache from
                       # https://msal-python.rtfd.io/en/latest/#msal.SerializableTokenCache
    )
# The pattern to acquire a token looks like this.
result = None

# Firstly, looks up a token from cache
# Since we are looking for token for the current app, NOT for an end user,
# notice we give account parameter as None.
result = app.acquire_token_silent(config["scope"], account=None)
if not result:
    logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
    result = app.acquire_token_for_client(scopes=config["scope"])

if "access_token" in result:
    # Calling graph using the access token
    graph_data = requests.get(  # Use token to call downstream service
        config["endpoint"],
        headers={'Authorization': 'Bearer ' + result['access_token']}, ).json()
    print("Graph API call result: ")
    print(json.dumps(graph_data, indent=2))
else:
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))  # You may need this when reporting a bug

2 answers

  1. Grady 0 Reputation points
    2023-01-11T17:12:55.62+00:00

    The issue was that in the parameter.json file, I needed to change "https://login.microsoftonline.com/common" to "https://login.microsoftonline.com/TenantID", where the tenant ID is found in the app registration.


  2. Zehui Yao_MSFT 5,871 Reputation points
    2023-01-16T03:12:34.04+00:00

    Hi @Grady,

    Great to know that it works now and thanks for sharing the update here.

    By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others.", and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:

    [How to resolve Authorization_IdentityNotFound for Python daemon app?]

    Issue Symptom:
    When following the quickstart guide for a Python daemon application, getting the following error:

    "code": "Authorization_IdentityNotFound",

    Current status:
    The issue has been resolved by changing "https://login.microsoftonline.com/common" to "https://login.microsoftonline.com/TenantID" in the parameter.json file.

    You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community members to see the useful information when reading this thread. Thanks for your understanding!

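A pre-flight check for the fix described in the answers above, added here as an example (not code from the quickstart or from either poster): it rejects a multi-tenant authority such as /common before a client-credentials token is requested, and decodes a returned token's claims to confirm the tenant and application role. The function names, the expected host set and any sample values are assumptions; the claim decoding is for diagnostics only and does not verify the signature.

```python
import base64
import json
import re
from urllib.parse import urlsplit

# Assumption: public-cloud sign-in host; add your sovereign-cloud host if needed.
EXPECTED_HOSTS = {"login.microsoftonline.com"}
# Multi-tenant aliases: they do not name a tenant, so an app-only
# (client credentials) request made against them is not tied to one.
TENANT_ALIASES = {"common", "organizations", "consumers"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def authority_problems(authority):
    """Return a list of reasons this authority is unsuitable for a daemon app."""
    parts = urlsplit(authority)
    tenant = parts.path.strip("/").split("/")[0]
    problems = []
    if parts.scheme != "https":
        problems.append("authority must use https")
    if parts.hostname not in EXPECTED_HOSTS:
        problems.append(f"unexpected sign-in host {parts.hostname!r}")
    if tenant.lower() in TENANT_ALIASES:
        problems.append(f"'/{tenant}' is a multi-tenant alias; use the tenant ID")
    elif not (GUID.match(tenant) or "." in tenant):
        problems.append(f"{tenant!r} is neither a tenant GUID nor a domain name")
    return problems


def unverified_claims(access_token):
    """Decode a JWT payload for diagnostics only (signature is NOT checked)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_problems(access_token, expected_tenant, needed_role):
    """Check that an app-only token names the right tenant and carries the role."""
    claims = unverified_claims(access_token)
    problems = []
    if claims.get("tid") != expected_tenant:
        problems.append(f"tid is {claims.get('tid')!r}, expected {expected_tenant!r}")
    if needed_role not in claims.get("roles", []):
        problems.append(f"roles claim lacks {needed_role!r}")
    return problems
```

Call authority_problems(config["authority"]) before building the ConfidentialClientApplication, and token_problems(result["access_token"], tenant_id, "User.Read.All") after a token is returned.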
