My objective is to get access token for a user for a resource( an AD app present in the tenant)
I have been able to get access token for a service principal by using
az login --service-principal -u -p --tenant --allow-no-subscriptions
az account get-access-token --resource
Now when I try to achieve the same for a user by switching service-principal login by user login(az login)
az login
az account get-access-token --resource
This however gives an error
Get Token request returned http error: 400 and server response: {"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'abc'. Send an interactive authorization request for this user and resource.\r\nTrace ID: 19fdf309-f9ef-423b-8c18-7cd9269b0700\r\nr\nTimestamp: 2019-11-21 09:03:25Z","error_codes":[65001],"timestamp":"2019-11-21 09:03:25Z","trace_id":"19fdf309-f9ef-423b-8c18-7cd9269b0700","correlation_id":"2aafc4e4-0c1b-42b3-ba59-afe09bbe9fb5","suberror":"consent_required"}
Can someone help me understand why this is the case?
Thanks in advance!
