[英]Grant consent failed with error on Active Directory
I'm logged in as a global administrator, and I have an existing application with multiple roles.我以全局管理员身份登录,并且我有一个具有多个角色的现有应用程序。 I'm trying to add an API permission to one of the app roles and because the roles are not showing in the client credentials flow, I learnt that I'll need to grant admin consent to that particular permission.我正在尝试向其中一个应用程序角色添加 API 权限,因为这些角色未显示在客户端凭据流中,我了解到我需要向管理员授予对该特定权限的同意。 however, when I do so I receive the below error但是,当我这样做时,我收到以下错误
API Permissions API 权限
App Roles应用角色
Error错误
Grant consent failed with error: Claim is invalid: {Id} does not exist on resource application xxxxxx [some random values]同意失败,出现错误:声明无效:资源申请 xxxxxx [一些随机值] 上不存在 {Id}
I was able to reproduce the same error, in which case the cause seems to be due to the application you're granting consent on ("This App"), having an app role added from another app ("Other App"), and this app role on "Other App" was deleted.我能够重现相同的错误,在这种情况下,原因似乎是由于您授予同意的应用程序(“此应用程序”),从另一个应用程序(“其他应用程序”)添加了一个应用程序角色,并且“其他应用”上的此应用角色已被删除。 You should be able to correlate the app ID in the error message to "Other App"您应该能够将错误消息中的应用 ID 关联到“其他应用”
I was getting the error because I had permissions that were deprecated by Microsoft, and when I tried to grant admin consent it would re-apply admin consent to all permissions again not just the newly added ones.我收到错误是因为我拥有被 Microsoft 弃用的权限,当我尝试授予管理员同意时,它会再次将管理员同意应用于所有权限,而不仅仅是新添加的权限。 I resolved the problem by removing the deprecated permissions in the API Permissions page, they no longer display as a name and description, they'll show as a GUID so if that happened to you make sure you remove them.我通过删除 API 权限页面中已弃用的权限解决了这个问题,它们不再显示为名称和描述,它们将显示为 GUID,因此如果发生这种情况,请确保将它们删除。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.