stackoom
  简体   繁体   中英

AADSTS90008: The user or administrator has not consented to use the application with ID

 原文  2021-12-10 09:18:00       azure/ oauth/ multi-tenant

Question

I am trying to login external tenant here. I have added below permissions to my app.

在此处输入图像描述

But i am getting below error. but i have gave that permission already.

AADSTS90008: The user or administrator has not consented to use the application with ID '268a9999-0000-4e61-99f5-020000f777b2'(test.app.test). This happened because application is misconfigured: it must require access to Microsoft Graph by specifying at least 'Sign in and read user profile' permission.\r\nTrace ID: bf014111-2e3f-4c11-1115e-de2fb6951800\r\nCorrelation ID: e0003455-0000-0000-ae4c-2264f23f5747\r\nTimestamp: 2021-12-10 09:24:34Z

my azure AzureAD version is v1

1 answers

solution1
 0  2021-12-13 11:11:22

Here are few of the workarounds to solve the above issue:

  • If you have given all the permission You'll need to make sure, that you've granted the Microsoft graph access to your application data (which you can do yourself, if the Azure Active Directory's settings allow that and the application only wants delegated permissions without admin-consent) or to all users (which requires an administrator to grant the permissions).

在此处输入图像描述

  • If your application is on another tenant, then giving admin consent to the Microsoft Graph from your tenant can be done as Suggested by @amanpreetsingh-msft here .

Admin Consent via Azure Portal can only be provided for the tenant where the application is registered in the first place. Users or Administrators of other tenants cannot consent via Azure Portal and it has to be done,

  1. Either when user/administrator accesses the multi-tenant application first time.
  2. Or by constructing the Admin Consent URL and sharing it with the Administrators of the other tenants.

Below is an example of the Admin Consent URL:

  1. https://login.microsoftonline.com/organizations/v2.0/adminconsent
  2. ?client_id=6731de76-14a6-49ae-97bc-6eba6914391e
  3. &scope=https://graph.microsoft.com/Calendars.Read https://graph.microsoft.com/Mail.Send
  4. &redirect_uri=http://localhost/myapp/permissions
  5. &state=12345

For more information please refer the below links:

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AADSTS65001: The user or administrator has not consented to use the application with ID AADSTS65001: The user or administrator has not consented to use the application with ID '<application ID> Azure AD - AADSTS65001: The user or administrator has not consented to use the application with ID AADSTS65001: The user or administrator has not consented to use the application with ID " XYZXYZXYZ" "AADSTS65001: The user or administrator has not consented to use the application with ID '' named 'PowerBI'. Send an interactive authorization request "AADSTS65001: The user or administrator has not consented to use the application" but the Admin has consented Azure Data Lake Storage Gen2 access token generation - "AADSTS65001: The user or administrator has not consented to use the application with ID Azure registered app error: The user or administrator has not consented to use the application with ID administrator has not consented to use the application — Azure AD The user or administrator has not consented to use the application - Send an interactive authorization request for this user and resource
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM