How to loop through tenantid's by changing authority url #1289

Closed
1 task done
kfear27 opened this issue Feb 18, 2020 · 6 comments
kfear27 commented Feb 18, 2020

Please follow the issue template below. Failure to do so will result in a delay in answering your question.

Library

  • msal@1.x.x or @azure/msal@1.x.x

Description

I've created a multi-tenant app in Azure AD and can use MSAL + Graph API successfully; however, I am now attempting to loop through our tenants to collect information and am unsure of how to do so.

When creating a loop using forEach it doesn't change authority so the returned data from the first connection is returned each time.

See code:

function config_app(tenantid, callback, apiUrl) {
    var applicationConfig = {
        auth: {
            clientId: "XXXX-XXXX-XXXX-XXXX",
            authority: "https://login.microsoftonline.com/" + tenantid,
            redirectUri: "https://my.redirecturi.com/fake"
        },
        cache: {
            cacheLocation: "sessionStorage",
            storeAuthStateInCookie: false
        }
    };
    var msalInstance = new Msal.UserAgentApplication(applicationConfig);
    callback(tenantid, applicationConfig, msalInstance, callMSGraph, apiUrl);
}
function sign_in(tenantid, applicationConfig, msalInstance, callback, apiUrl) {
    var scopes = {
        scopes: ["Organization.Read.All"],
        loginHint: "my@email.com"
    };
    msalInstance.acquireTokenSilent(scopes).then(response => {
        callback(response.accessToken, graphAPICallback, apiUrl);
    }).catch(err => {
        // Surface token acquisition failures instead of silently dropping them.
        console.error(err);
    });
}
function callMSGraph(accessToken, callback, apiUrl) {
    console.log("calling ms graph");
    var xmlHttp = new XMLHttpRequest();
    xmlHttp.onreadystatechange = function () {
        if (this.readyState == 4 && this.status == 200)
            callback(JSON.parse(this.responseText));
    }
    xmlHttp.open("GET", "https://graph.microsoft.com/v1.0/" + apiUrl, true);
    xmlHttp.setRequestHeader('Authorization', 'Bearer ' + accessToken);
    xmlHttp.send();
}
function graphAPICallback(data) {
    $('#o365res').append(JSON.stringify(data, null, 2));
}
config_app('XXX-XXX-XXX-XXX-XXX', sign_in, 'organization');

Example Loop:

var clients = ['XXX-XXX-XXX-XXX-XXX','YYYY-YYYY-YYYY-YYYY'];
clients.forEach(function(e) {
    config_app(e, sign_in, 'organization');
});

Are there any better ways to be doing this where it actually works?

Thanks

@kfear27 kfear27 added the question Customer is asking for a clarification, use case or information. label Feb 18, 2020
@jasonnutter
Contributor

@kfear27 Apologies for the delay in responding. @sameerag @pkanher617 can correct me if I'm wrong, but I believe this falls under multi-account scenarios, which isn't currently supported.

@kfear27
Author

kfear27 commented Feb 24, 2020

@jasonnutter, thank you for the response. Our Azure AD app is multi-tenant capable; I would have thought this was sufficient to do what is needed? We do have the permissions to access multiple tenants, but each request requires a full refresh. Is there a workaround which can be used to flush sessionStorage/localStorage before each new request so it requests a new token for the new tenant ID?

@jasonnutter jasonnutter added the known-issue Issue is already known and is either being investigated or is already fixed. label Feb 26, 2020
@jasonnutter
Contributor

@kfear27 Ah, I think we understand your problem now. The underlying root cause (concurrent requests with the same scope but different authorities) is a known issue (#1225).

For now, a potential workaround is to make each of those requests in serial, instead of doing them in parallel.

@kfear27
Author

kfear27 commented Feb 27, 2020

Thanks @jasonnutter - Do you have an ETA on any updates where this can be run in parallel?

@jasonnutter
Contributor

@kfear27 Not yet, but we're working on it. I would follow that issue for updates.

Closing as a duplicate.

@jasonnutter jasonnutter added the duplicate Duplicate issue. label Feb 27, 2020
@kfear27
Author

kfear27 commented Feb 28, 2020

Just an FYI I found a solution to this.

Functions:

function getData(tenantid,apiUrl) {
    return new Promise((resolve, reject) => {
        // A fresh MSAL instance per tenant so the authority matches the tenant being queried.
        var applicationConfig = {
            auth: {
                clientId: "AZURE-APP-ID-HERE",
                authority: "https://login.microsoftonline.com/" + tenantid,
                redirectUri: "https://my.redirect.uri/uri"
            },
            cache: {
                cacheLocation: "localStorage",
                storeAuthStateInCookie: false
            }
        };
        var msalInstance = new Msal.UserAgentApplication(applicationConfig);
        var scopes = {
            // Skip the cached token so one is requested for this authority.
            forceRefresh: true,
            scopes: ["Organization.Read.All"],
            loginHint: "user@email.com"
        };
        msalInstance.acquireTokenSilent(scopes).then(response => {
            var xmlHttp = new XMLHttpRequest();
            xmlHttp.onreadystatechange = function () {
                if (this.readyState != 4) return;
                if (this.status == 200) {
                    var data = JSON.parse(this.responseText);
                    $('#o365res').append(JSON.stringify(data, null, 2));
                    resolve();
                } else {
                    // Settle the promise on failure so the chain cannot hang.
                    reject(new Error("Graph request failed with status " + this.status));
                }
            }
            xmlHttp.open("GET", "https://graph.microsoft.com/v1.0/" + apiUrl, true);
            xmlHttp.setRequestHeader('Authorization', 'Bearer ' + response.accessToken);
            xmlHttp.send();
        }).catch(err => reject(err));
    });
}
function getDataChain(clients) {
    const nextClient = clients.shift();
    if (nextClient) {
        return getData(nextClient,'organization').then(_ => getDataChain(clients))
    } else { return Promise.resolve(); }
}

Client ID array & calling the chaining function:

var clients = ['XXX-XXX-XXX-XXX-XXX','YYY-YYY-YYY-YYY-YYY'];
getDataChain(clients).then(_ => console.log("all finished"));

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 3, 2020
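
The serial workaround suggested in the thread, as an added example (not code from the issue or from MSAL itself): tenants are processed one at a time, and each response's `tenantId` is compared with the tenant that was requested, so a token served for the wrong tenant is flagged rather than used. `acquire` and `fetchData` are hypothetical injected functions standing in for `acquireTokenSilent` and the Graph request; the example assumes tenants are given as tenant ID strings and that the response exposes a `tenantId` field, and the sample acquirer is constructed to reproduce the reported symptom.

```javascript
// Added example: serial, tenant-checked token acquisition.
// `acquire` and `fetchData` are hypothetical injected functions standing in for
// msalInstance.acquireTokenSilent(...) and the Graph request.

// True only when the response was issued for the tenant that was requested.
function tokenMatchesTenant(requestedTenant, response) {
    return Boolean(response) &&
        typeof response.tenantId === "string" &&
        response.tenantId.toLowerCase() === requestedTenant.toLowerCase();
}

// Processes tenants one at a time (the workaround from the thread) and records
// a per-tenant outcome instead of silently dropping errors.
async function collectPerTenant(tenants, acquire, fetchData) {
    const results = [];
    for (const tenant of tenants) {          // serial: each await finishes first
        try {
            const response = await acquire(tenant);
            if (!tokenMatchesTenant(tenant, response)) {
                // Symptom from the issue: a token for another tenant came back.
                results.push({ tenant, ok: false, reason: "tenant-mismatch" });
                continue;
            }
            results.push({ tenant, ok: true, data: await fetchData(response.accessToken) });
        } catch (err) {
            results.push({ tenant, ok: false, reason: String(err.message || err) });
        }
    }
    return results;
}

// Constructed sample: a fake acquirer that reproduces the reported symptom by
// always answering with the first tenant it was asked about.
function makeStickyAcquirer() {
    let first = null;
    return async (tenant) => {
        if (first === null) first = tenant;
        return { tenantId: first, accessToken: "constructed-token-" + first };
    };
}

async function demo() {
    const tenants = ["tenant-a-constructed", "tenant-b-constructed"];
    const fetchData = async (token) => ({ fetchedWith: token });
    return collectPerTenant(tenants, makeStickyAcquirer(), fetchData);
}

demo().then(r => console.log(JSON.stringify(r, null, 2)));
```

With a real acquirer, a `tenant-mismatch` entry means the data for that tenant should be discarded and the request retried on its own.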