How to make the consentToApp in Azure AD REST API work? #39562
Comments
@DanijelMalik, this is interesting. I am working on this; do allow us some time so that we can share our findings on this.
It might be worth sharing some more details. I have a master application that creates child apps. Those child apps may require some API permissions, e.g. Read All Users, hence an Admin consent is required. But I don't want to go back and manually click the button each time this is needed. The master app has a specific flow and would know under what circumstances to grant Admin consent, but I'm struggling to get this working.
@DanijelMalik, unfortunately we don't have an API or PowerShell cmdlet to accomplish it. The only ways are using the UI, i.e. Portal.azure.com and Grant Permissions, or using the Authorize URL. Sample consent URL: But that’s a feature that has been requested and you can also vote for it at the following location. Hope this helps.
Thanks for your answer. It doesn't help, but I appreciate it anyway :)
@DanijelMalik, I totally understand your frustration, and this is a widely requested feature. If you check this site https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31562305-ability-to-grant-permissions-via-api-or-powershell, you would see 131 customers have voted for the same and this feature is in review, but there is no ETA on this yet. But surely it's expected to be served soon. It would be great if you can do an upvote on the above link.
I already voted. I wish I had a thousand more ;)
@DanijelMalik, I am going ahead and closing this thread for now. But feel free to re-open this whenever you want any further help on this. I wish I could help you with some more details, but unfortunately it's a roadblock for now. Hopefully, we have this implemented soon, so that it helps a large customer base in automating the consent work.
For me it works if I call the New-AzureADServiceAppRoleAssignment from the AzureAD PS module.
We want consentToApp to be invoked by a service principal non-interactively, from the Microsoft Graph API. How can we achieve this?
I've been trying to automate what the `Grant admin consent for ...` button does without any luck.

It feels like the `appId` in the JWT token "signalises" the API whether to accept the version 2.0 or reject. The accepted `appId` does not exist in my AAD, hence I can't create a secret for it.

If I grab the token from a browser request and make a POST request with the following body, everything works fine and I get back 204.

POST: https://graph.windows.net/myorganization/consentToApp?api-version=2.0

But if I use a token generated by a POST to `https://login.microsoftonline.com/{{tenantId}}/oauth2/token`, the API throws an error.

Anyway, the bottom line is: I need to automate what the `Grant admin consent for ...` does. Maybe I'm down the wrong path and there's a better way of doing it.

All suggestions are more than welcome.