Microsoft Graph API - Authentication Issues
Hi Guys!
I have set up a Microsoft tenant (MSP) with GDAP relationships with 3 other tenants (Managed Customers/Tenants). I have registered an app with the required permissions that I want to use while calling the Graph API Client. When I consent to that app using an admin user of the MSP tenant, a service principal is created in my MSP tenant. (I use the Acquire token by Code flow.)
Now that the service principal is created in the MSP tenant, I try to fetch an access token using the client credentials flow for the MSP user. I get the access token, but when I try to call the Graph API with that token, I get an Unauthorized (401), Missing MFA claim error.
If I try to generate the access token for any managed tenant using the client credentials flow I get the error that The client application {appId} is missing service principal in the tenant {managed tenant ID}. I am pretty sure that I don't need to create a service principal in each of the managed tenants as it kind of defeats the purpose of setting up GDAP.
However, when I use the original access token that is generated by the Acquire token by Code flow, it fetches and/or modifies the data of the MSP tenant, but that is not the purpose of what I am trying to accomplish.
I want to be able to read and modify the data of the managed tenants using the Graph API client via my NodeJS REST server.
I have been stuck here for about 3 days now and am super frustrated. I have tried to follow the guide below by Microsoft, but with no success.
Any direction or help will be super appreciated. Let me know if you need more details.
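A diagnostic sketch for comparing the tokens from the two flows described in the post above (an added example, not the poster's code): it decodes a token's payload without verifying it and reports the issuing tenant (`tid`), whether the token is delegated (`scp`) or app-only (`roles`), and whether `amr` lists `mfa`. The helper names, tenant IDs and sample tokens are constructed for illustration.

```javascript
// Diagnostic only: reads claims, does NOT verify the signature.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Summarise the claims that matter for the 401 / tenant errors in the post.
function describeToken(token, expectedTenantId) {
  const c = decodeJwtPayload(token);
  const delegated = typeof c.scp === "string";
  const amr = Array.isArray(c.amr) ? c.amr : [];
  return {
    tenantId: c.tid,
    tenantMatches: c.tid === expectedTenantId,
    // Client-credentials tokens are app-only: `roles`, no `scp`, no user auth methods.
    kind: delegated ? "delegated" : "app-only",
    hasMfaClaim: amr.includes("mfa"),
    permissions: delegated ? c.scp.split(" ") : (c.roles || []),
  };
}

// Constructed sample tokens (fake signature, placeholder tenant IDs).
function makeSample(claims) {
  const enc = (o) =>
    Buffer.from(JSON.stringify(o)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.sig`;
}

const MSP_TENANT = "00000000-0000-0000-0000-00000000aaaa";      // placeholder
const CUSTOMER_TENANT = "00000000-0000-0000-0000-00000000bbbb"; // placeholder

const appOnlyToken = makeSample({ tid: MSP_TENANT, roles: ["User.Read.All"] });
const delegatedToken = makeSample({
  tid: CUSTOMER_TENANT,
  scp: "User.Read Directory.Read.All",
  amr: ["pwd", "mfa"],
});

console.log(describeToken(appOnlyToken, CUSTOMER_TENANT));
console.log(describeToken(delegatedToken, CUSTOMER_TENANT));
```

Run it against each token the server obtains and compare `tenantId` with the tenant whose data the Graph call targets.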