3
votes

Since the 18th of May 2018, the grant permissions button in Azure (used as admin to give permission to application roles for all users) has stopped working.

  • I am global administrator on the AD
  • It worked before

AAD error details: "Failed to grant permissions for application [application name]"

Error json:

{"errorCode":"Request_BadRequest","localizedErrorDetails":{"errorDetail":"Consent validation failed: "},"operationResults":null,"timeStampUtc":"2018-05-28T17:56:43.765787Z","clientRequestId":"1c1cad98-7731-45bf-8d78-8465ffdf902f","internalTransactionId":"42926dde-51de-451c-aae8-a186167197e8","upn":"[email protected]","tenantId":"f0000d-9eb0-473e-9646-ceggf5d47c69d","userObjectId":null}

I have no idea what has been changed since that day. Steps to reproduce:

  • In App registrations under Azure Active Directory
  • Modify the manifest and add a new application role to the API app
  • Give permission to a client app for that application role
  • Click "grant permission" in the upper right corner
1
What permission do you grant? Has this API or product license expired? - Wayne Yang
@WayneYang-MSFT Azure AD cannot be expired, I think. The permissions I want to grant are "Application permissions" specified in the manifest of the registered app in appRoles in Azure. The granting worked before but stopped suddenly. I can't remember changing something in the portal. - MiKey
I mean the required permissions API, just like Microsoft Graph, not AAD. For example, if you have a SharePoint Online license, you can use the Office 365 SharePoint Online API and add this as required permissions. What kind of API are you using? - Wayne Yang
@WayneYang-MSFT A custom-made API of my own. In a first registered app the application permissions are set. In a second registered app I can select these permissions. After that you need to grant permissions for all users. It is this final step which is not working anymore. - MiKey
Hi @mike, that makes sense. I assume that it may be caused by your server Web API. Have you checked if it runs well? - Wayne Yang

1 Answer

3
votes

In Azure Active Directory, go to App Registrations, select the app you want to add the rights to, go to Settings, Required Permissions, select the API which is giving you grief, and delete it.

After that, add it again, and it should work now.
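
A check that can be run on the two app manifests before deleting and re-adding the permission, as an added example that is not part of the question or the answer. It assumes, without confirmation from the thread, that a grant can fail when the client app's `requiredResourceAccess` entries no longer match the API app's `appRoles`; the manifests and GUIDs below are constructed, and `stale_role_requests` is a hypothetical helper name.

```python
import json

# Constructed sample manifests (not from the thread); every GUID is made up.
API = json.loads("""{
  "appId": "11111111-1111-1111-1111-111111111111",
  "appRoles": [
    {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": "Orders.Read.All",
     "allowedMemberTypes": ["Application"], "isEnabled": true},
    {"id": "aaaaaaaa-0000-0000-0000-000000000002", "value": "Orders.Admin",
     "allowedMemberTypes": ["User"], "isEnabled": true}
  ]}""")
CLIENT = json.loads("""{
  "requiredResourceAccess": [
    {"resourceAppId": "11111111-1111-1111-1111-111111111111",
     "resourceAccess": [
       {"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Role"},
       {"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Role"},
       {"id": "aaaaaaaa-0000-0000-0000-000000000009", "type": "Role"}]}
  ]}""")


def stale_role_requests(api, client):
    """Return (role id, reason) for each application permission the client
    requests from this API that the API manifest cannot satisfy."""
    roles = {r["id"].lower(): r for r in api.get("appRoles", [])}
    problems = []
    for entry in client.get("requiredResourceAccess", []):
        if entry["resourceAppId"].lower() != api["appId"].lower():
            continue  # this entry points at a different API
        for access in entry.get("resourceAccess", []):
            if access.get("type") != "Role":
                continue  # "Scope" entries are delegated permissions
            role = roles.get(access["id"].lower())
            if role is None:
                problems.append((access["id"], "no matching appRole"))
            elif not role.get("isEnabled", False):
                problems.append((access["id"], "appRole is disabled"))
            elif "Application" not in role.get("allowedMemberTypes", []):
                problems.append((access["id"], "not assignable to applications"))
    return problems


if __name__ == "__main__":
    for role_id, reason in stale_role_requests(API, CLIENT):
        print(role_id, "->", reason)
```

Any entry it reports is a requested application permission that the API manifest no longer defines in a grantable form, which is also worth reviewing from a least-privilege standpoint before consenting for all users.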