Not being able to get user consent - OAuth2 with AzureAD

0 votes

Well,I was trying to get the OAuth2 workflow for Azure AD by following the directions from: https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx

I can successfully get an authorization code response by using this request: 

https://login.microsoftonline.com/[app-endpoint-id]/oauth2/authorize?response_type=code&client_id=[client-id]&redirect_uri=[redirect-uri]

I then use the authorization code to request an access token with a http post like so (I am testing this using Postman):

POST /[app-endpoint-id]/oauth2/token HTTP/1.1 Host: login.microsoftonline.com Cache-Control: no-cache Postman-Token: ed098281-9aa4-6e5f-915d-0253d9a876d3 Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=[client-id]&code=[authorization_code]&redirect_uri=[redirect_uri]&client_secret=[client-secret]&resource=[app-url]

I get the following error message from the POST request:

{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'app-id'. Send an interactive authorization request for this user and resource.\r\nTrace ID: trace-di\r\nCorrelation ID: correlation-id\r\nTimestamp: 2016-01-13 17:18:39Z","error_codes":[65001],"timestamp":"2016-01-13 17:18:39Z","trace_id":"trace-id","correlation_id":"correlation-id"}

If I clear my cache and make the first request for the authorization code I will be redirected to log in. However, I don't get any way to authorize my app after logging in like it says I should in this documentation:

//azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/

What am I doing wrong here? I am trying to get an access token.

Jun 8, 2018 in Azure by null_void
• 3,220 points
1,801 views

1 answer to this question.

0 votes
The problem you are running in to is that the tenant you are using to access your app has not added your application to the list of applications that are supported. It's telling you to use the interactive flow as an administrator.

Consent is a two step process:

1) First, the administrator of the tenant must approve the app. This can be done either 1) in the Azure portal of the tenant wishing to use the app or 2) by launching the app and using admin credentials against the app when you sign in.

Example of the Azure portal approval:

2) Second, any additional user (non-admin) will be promoted to consent for their individual information when using the app for the first time after the admin has consented that the app can be used.
answered Jun 8, 2018 by cloudie_crank
• 1,610 points

Related Questions In Azure

+1 vote
2 answers

Not able to ping AWS EC2 Instance

The custom ICMP rule in the security ...READ MORE

answered Apr 17, 2018 in Azure by Cloud gunner
• 4,670 points
3,336 views
0 votes
1 answer

The user or administrator has not consented to use the application-Send interactive authorization request

An admin must consent to the permissions. ...READ MORE

answered Aug 24, 2018 in Azure by club_seesharp
• 3,450 points
7,865 views
0 votes
1 answer

How to add a body to a HttpWebRequest that is being used with the Azure Service management API?

The following code should help: byte[] buf = ...READ MORE

answered Apr 3, 2019 in Azure by Prerna
• 1,960 points
2,001 views
0 votes
1 answer

Is there a way to get ERROR details on Azure website?

You have two options: First, you can turn ...READ MORE

answered May 25, 2018 in Azure by club_seesharp
• 3,450 points
2,383 views
0 votes
1 answer

How can i upload to Azure Blob storage with Shared Access key?

For GetBlobReferenceFromServer to work, the blob must be present ...READ MORE

answered Jun 12, 2018 in Azure by club_seesharp
• 3,450 points
3,340 views
0 votes
1 answer

How to get the list of names of Azure blob files in a container?

We can get some additional info like Size, ...READ MORE

answered Jun 27, 2018 in Azure by club_seesharp
• 3,450 points
20,907 views
0 votes
1 answer

Error: The subscription is not registered to use namespace 'Microsoft.DataFactory

In Azure, for each functionality there's a ...READ MORE

answered Aug 24, 2018 in Azure by null_void
• 3,220 points
1,324 views
0 votes
1 answer

Stream uploaded file to Azure blob storage with Node

Using Multiparty(npm install multiparty), a fork of ...READ MORE

answered Sep 24, 2018 in Azure by club_seesharp
• 3,450 points
7,285 views
0 votes
1 answer

How to get the Azure table Row count?

Unfortunately there's no other way to do ...READ MORE

answered Sep 25, 2018 in Azure by null_void
• 3,220 points
7,227 views
0 votes
2 answers

How to process a file using Azure Function?

You don't really need a http trigger ...READ MORE

answered Jun 18, 2018 in Azure by club_seesharp
• 3,450 points
6,867 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP