AAD - Owner password credential flow

0
votes

Hi I am trying to use owner password credential flow by giving username and password and it is giving below error. I am using the native application as the client Id. 

 UserPasswordCredential credentials = new UserPasswordCredential(_userName, _password);
    AuthenticationContext authContext = new AuthenticationContext(_authority);
    var accessToken = await authContext.AcquireTokenAsync(_apiResourceId, _clientId, credentials);
    accessToken.AccessToken;

AdalServiceException: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx' named 'nativeclient'. Send an interactive authorization request for this user and resource

I have a scenario where I cannot use client credential flow. Is there anything I am missing as when I use the powershell client ID 1950a258-227b-4e31-a9cf-717495945fc2 it works. How can I consent this application on the context of user as I am not the tenant admin.

1
azure-active-directory

1 Answers

2
votes

It depends on whether the permissions you have added require admin-consent.

You can see it on Azure portal: permissions

If the permissions require admin-consent, you have to use an admin account to do the consent by clicking "Grant admin consent for {your tenant}" here: enter image description here

If the permissions don't require admin-consent, you just need to use a non-admin account to do the consent by accessing https://login.microsoftonline.com/{your tenant}/oauth2/authorize?client_id={Client ID}&response_type=code&redirect_uri={Reply URL}&resource={Resource you want to access, for example: https://graph.microsoft.com/}&prompt=consent. user-consent

Besides, could you please provide more details the "scenario where I cannot use client credential flow"?