I have a web app (React app) which can authenticate the user.
The problem is that i'm seeing an AAD error:
invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID "My app client ID". Send an interactive authorization request for this user and resource.
Now, under Azure AAD --> App Registrations --> API Permissions, I am seeing the following permission (which is what im trying to use). But I noticed that the status of the permission does NOT say it has been granted.
Question:
Is this the reason/culprit for this error i am seeing?
Yes, that's the most common reason for this error which you are seeing.
Related
I am trying to access my web api written in .Net Core from a ReactJs client application. I have registered both the application in Azure AD and given Admin Consent to the Web API in ReactJs API Permission section. Even after configuring this I am getting invalid_grant: AADSTS65001: The user or administrator has not consented to use the application
Can any please help me regarding this please. How should I connect to the web api.
To resolve the error "invalid_grant: AADSTS65001: The user or administrator has not consented to use the application", try the following:
Make sure to have Global admin role and grant admin consent for the below API permissions of your application:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your app -> API permissions -> Add permissions
After granting admin consent, please check whether the status turned green or not.
Make sure whether the below options are checked or not in your authentication tab like below:
If still the issue persists, make use of below document if helpful:
4 ways to fix error AADSTS65001 (issues with Admin Consent!) - #SharePointProblems / Koskila.net
We are trying to call a web api hosted in azure app service from SPFX react webpart using aadhttpclientfactory.
We are receiving the below error.
Error: Error - Type : interaction_required - Description : AADSTS65001: The user or administrator has not consented to use the application with ID <> named 'SharePoint Online Client Extensibility Web Application Principal'. Send an interactive authorization request for this user and resource.
Please suggest the process to resolve the above issue.
Thanks in advance.
You need to consent to use the application. Go to azure portal->Azure Active Directory->App registrations->find your application->Api permissions->click Grant admin consent button(remember to login with the admin account)
If the permissions does't require admin consent, you can also use individual user consent which doesn't need admin permission.
I am trying to request consent for 'IMAP.AccessAsUser.All' permission from user, so that my app can access the user's inbox via OAuth2.
But when i request for permission I get the following error. See attached image.
The application asked for scope 'IMAP.AccessAsUser.All' that does not exist on resource.
Below is the url of the consent link. Could someone help with how I can get consent for this permission 'IMAP.AccessAsUser.All'
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=b0eb0e00-ec46-4df8-a710-491468ed4f37
&response_type=code
&redirect_uri=https%3A%2F%2Fimap.mailboxsync.test.com%2Fredirect%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All
&state=12345
I can reproduce your issue, you need to add the API permission as below.
Navigate to the Azure Active Directory -> App Registration in the portal, find your app.
Follow the screenshot below.
So I have registered a new multi-tenant AAD application but trying to log in using the same account I created it with gives me the error
MSAL.Desktop.4.5.0.0.MsalServiceException:
ErrorCode: invalid_client
Microsoft.Identity.Client.MsalServiceException:
AADSTS650051: "Using application 'TestApplication' is currently not supported for your organization sample-company.ch because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of sample-company.ch before the application TestApplication can be provisioned."
The domain name in question is already verified, so im not sure whats wrong here. After registering the app I just followed their Windows Desktop App Quickstart Guide and tried logging in with their sample project
https://github.com/Azure-Samples/active-directory-dotnet-desktop-msgraph-v2/
Any help would be appreciated
Since your application is for multi-tenant, you probably didn't do user or admin consent for the target tenant.
Try to add &prompt=admin_consent in your request to force admin consent. Log in with an admin account to do admin consent.
Please see details from Understand user and admin consent.
We've been using Azure Active Directory and EWS SOAP web services successfully.
Trying to see if we can use our current authentication method to be able to also invoke Microsoft Graph (i.e. https://graph.microsoft.com/v1.0/me/)
I went into Azure and added Microsoft Graph under App Registrations -> Settings -> Required Permissions.
This was our authorize endpoint url:
https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2Foutlook.office365.com%2F
I changed it to :
https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2Fgraph.microsoft.com
Is this all I had to do? When I try to go through the oAuth 2.0 flow, the authorize request seems successful, then I'm asked to enter my credentials, and then I get an error:
"Misconfigured application. This could be due to one of the
following: The client has not listed any permissions for 'Microsoft
Graph' in the requested permissions in the client's application
registration. Or, The admin has not consented in the tenant. Or, Check
the application identifier in the request to ensure it matches the
configured client application identifier. Please contact your admin to
fix the configuration or consent on behalf of the tenant. Client app
ID: b1313958-.... "
I went into Azure and added Microsoft Graph under App Registrations ->
Settings -> Required Permissions.
You mentioned this as part of your question. Please check if after performing these steps for your App Registration in Azure AD, did you click on the “Grant Permissions” button to provide consent or not.
Looking at the error it seems Consent for Microsoft Graph related permissions isn’t done yet.