
Multi-tenant application with pre-consent cannot c

Published 2020-05-09 12:08

Question:

I'd like to make an app automatically available for all tenants we have in our partner account, without requiring any user credentials.

For that, I created a web app in Azure that is multitenant and has application permissions on the "Microsoft Graph" app.

I followed Microsoft's guide to enable the pre-consent, and it went well.

I then tried to test calls to the graph API with my tenant:

POST https://login.microsoftonline.com/<my-tenant-id>/oauth2/token
=> got the token
GET https://graph.microsoft.com/v1.0/users
=> Got the users of my-tenant

Then I tried with a customer's tenant:

POST https://login.microsoftonline.com/<customer-tenant-id>/oauth2/token
=> got the token
GET https://graph.microsoft.com/v1.0/users
=> 
{
  "error": {
    "code": "Service_InternalServerError",
    "message": "Encountered an internal server error.",
    "innerError": {
      "request-id": "270ef482-e7ca-4184-bb9e-0567b123b7ab",
      "date": "2016-09-15T10:00:14"
    }
  }
}

Why do I get this 500? Shouldn't this call work, since I got the OAuth token for the customer's tenant?

Also, two quick side questions: does the pre-consent work for previously existing tenants? And if permissions are changed, will it affect all tenants without having to do anything?


Update: after trying many things, it started to work with the same commands. However, I tried another random tenant and it gives me the 500... I will keep trying and update.

Answer 1:

It seems that it was a problem with the consent. Whether or not I use a new tenant, I have to go to https://login.windows.net/common/oauth2/authorize?response_type=code&client_id={0}&prompt=admin_consent (with {0} being the clientId of the app) and then it works.

Something is therefore probably wrong with the auto-consent, but that is a matter for a separate question.
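The following is an added example, not code from the question or the answer above. It reproduces the two pieces of the exchange in Python: the v1 client-credentials token request against a tenant-specific endpoint (as in the question) and the prompt=admin_consent URL from the answer, plus the check a practitioner runs before calling Graph: decode the app-only access token and confirm its `tid` is the customer tenant, its `aud` is Microsoft Graph, and its `roles` claim actually contains the application permission you need. The `roles` claim lists only the application permissions that tenant has consented to, so an empty or missing `roles` claim means the token was issued but no admin consent exists in that tenant. The client ID, tenant names and the tokens are constructed placeholders; the permission name `User.Read.All` is an assumption (it is what `GET /v1.0/users` would need), and the sample tokens are unsigned and for offline demonstration only.

```python
import base64
import json
from urllib.parse import urlencode

GRAPH_RESOURCE = "https://graph.microsoft.com"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph's well-known application ID


def token_request(tenant_id, client_id, client_secret):
    """URL and form body for the v1 client-credentials grant used in the question."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": GRAPH_RESOURCE,
    })
    return url, body


def admin_consent_url(client_id, redirect_uri=None):
    """The prompt=admin_consent URL from the answer. redirect_uri is an optional
    addition here; the answer's URL omits it."""
    params = {"response_type": "code", "client_id": client_id, "prompt": "admin_consent"}
    if redirect_uri:
        params["redirect_uri"] = redirect_uri
    return "https://login.windows.net/common/oauth2/authorize?" + urlencode(params)


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(access_token):
    """Decode the JWT payload WITHOUT verifying the signature: diagnostics only,
    never an authorization decision."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_app_token(access_token, expected_tenant, required_roles):
    """Return a list of problems explaining why a Graph call with this token may fail.
    An app-only token carries the application permissions the tenant consented to in
    its `roles` claim; a missing permission there means no consent in that tenant."""
    claims = decode_claims(access_token)
    problems = []
    if claims.get("tid") != expected_tenant:
        problems.append(f"tid is {claims.get('tid')!r}, expected {expected_tenant!r}")
    if claims.get("aud") not in (GRAPH_RESOURCE, GRAPH_RESOURCE + "/", GRAPH_APP_ID):
        problems.append(f"aud is {claims.get('aud')!r}, not Microsoft Graph")
    missing = sorted(set(required_roles) - set(claims.get("roles", [])))
    if missing:
        problems.append(
            f"roles claim lacks {missing}; admin consent not granted in tenant {expected_tenant}"
        )
    return problems


def make_unsigned_token(claims):
    """CONSTRUCTED sample token for offline demonstration: alg=none with a dummy
    signature. Real code must never accept a token like this."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    client_id = "11111111-2222-3333-4444-555555555555"  # placeholder, not a real app
    # Constructed tokens: one tenant that consented, one that did not.
    consented = make_unsigned_token({"tid": "tenant-a", "aud": GRAPH_RESOURCE, "roles": ["User.Read.All"]})
    unconsented = make_unsigned_token({"tid": "tenant-b", "aud": GRAPH_RESOURCE})
    for tenant, token in (("tenant-a", consented), ("tenant-b", unconsented)):
        url, _ = token_request(tenant, client_id, "<secret>")
        problems = check_app_token(token, tenant, ["User.Read.All"])
        print(url, "->", "ok, call GET /v1.0/users" if not problems else problems)
        if problems:
            print("  grant consent with:", admin_consent_url(client_id))
```

In practice you send the body from `token_request` as a POST with an HTTP client of your choice, run `check_app_token` on the returned `access_token`, and only then call `GET https://graph.microsoft.com/v1.0/users` with it as a Bearer token; if `roles` is missing, the fix is the consent URL rather than retrying the Graph call.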