App registration knownclientapplications not working

Paul Pham 21 Reputation points

Hi all,

I have created an app registration using c# and the graph client. I created an app registration for a SPA and another app registration for the web api.

I have also configured the knowClientApplications on the web api app registration setting the appID of the SPA.

Both are also set as multi-tenant.

I am able to authenticate myself with the SPA (using another tenant, not my home tenant) and when the SPA tries to make an API call it errors out with the following message

invalid_resource: AADSTS500011: The resource principal named api://<API_appID> was not found in the tenant named <tenantId (not the home tenant)>

The things which is really weird is if I do the app registration manually in the portal, everything works fine. I have compared the Manifest of app registration created by code and the one created manually and they are basically the same.

I don't know understand why it would work when creating the app registration manually and it doesn't work when creating the app registration using code with graphclient.

Everything works if I build the adminconsent URL and the admin of the tenant consent then the SPA is able to call the web api.

But my understanding is that knowClientApplications will bundle the consent so the user doesn't need to consent to both the SPA and the web api. It will automatically provision both service principals

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,444 questions
0 comments No comments
{count} votes

Accepted answer
  1. 2023-05-31T00:18:31.37+00:00

    Hello @Paul Pham , as you've found, updating the application api.knownClientApplications attribute won't create service principals for any of your apps. They will get automatically created using the Azure Portal experience but will have to be manually created using MS Graph.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

0 additional answers

Sort by: Most helpful