We are working on an integration between our application and Azure AD where we provision user accounts using the Graph API. In our tests, we sometimes see that a newly created user seems to be gone on a subsequent request and pop up again later on. A great example of this, is the following sequence of requests:
2021-10-03 15:13:19,125 Starting to send request, URL https://graph.microsoft.com/v1.0/users
2021-10-03 15:13:19,125 Request Method POST
2021-10-03 15:13:19,299 Response code 201, Created
2021-10-03 15:13:19,301 Starting to send request, URL https://graph.microsoft.com/v1.0/users/o-internal@testtopicuskeyhub.onmicrosoft.com
2021-10-03 15:13:19,301 Request Method PATCH
2021-10-03 15:13:19,403 Response code 204, No Content
2021-10-03 15:13:19,405 Starting to send request, URL https://graph.microsoft.com/v1.0/users/o-internal@testtopicuskeyhub.onmicrosoft.com?%24select=accountEnabled%2CdisplayName%2CgivenName%2Cmail%2CmailNickname%2CuserPrincipalName%2ClastPasswordChangeDateTime
2021-10-03 15:13:19,405 Request Method GET
2021-10-03 15:13:19,564 Response code 404, Not Found
2021-10-03 15:13:19,941 Starting to send request, URL https://graph.microsoft.com/v1.0/users?%24select=accountEnabled%2Cid&%24filter=userPrincipalName%20eq%20%27o-internal%40testtopicuskeyhub.onmicrosoft.com%27
2021-10-03 15:13:19,941 Request Method GET
2021-10-03 15:13:19,989 Response code 200, OK
2021-10-03 15:13:19,997 Starting to send request, URL https://graph.microsoft.com/v1.0/users/8d8f02f0-16ed-4de3-87c6-be05312f6655
2021-10-03 15:13:19,997 Request Method DELETE
2021-10-03 15:13:20,110 Response code 204, No Content
Here, the user is created at 15:13:19,125 and patched at 15:13:19,301, but when it's read at 15:13:19,405, it seems to be gone. However, at 15:13:19,941 it's back again and at 15:13:19,997 it's deleted. We see similar problems in other places. Sometimes that patch fails, sometimes when a user is added to security groups, the API later reports that the user was not. It seems the Graph API is eventual consistent. All I could find about that is the Consistencylevel header used for some advanced queries, but we don't use those. Is this expected behavior for the Graph API, or are we missing something?
Best regards,
Emond Papegaaij