Programmatically consent to multi-tenant app in my tenant

0
votes

I have a requirement wherein I want to give consent to a multi-tenant application (belonging to a different tenant) for our tenant programmatically. Currently I am able to provide consent interactively by opening the following consent URL in my browser and using my user's credentials to login and accept multi-tenant app's permissions: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize.

Can the same be achieved programmatically? Though I am currently using authorization code flow, but I am open to use any other OAuth 2.0 flow which assists in making consent process programmatic. I tried searching online for either azure CLI or Java SDK APIs but had no luck. I am guessing it is mostly not possible but wanted to make sure of the same.

Thanks!

1
azureazure-active-directorymulti-tenant

1 Answers

0
votes

as far as I'm aware, the whole purpose of the consent system is so that it is interactive, if you could programmatically bypass it, then it would kind of defeat the purpose. the only thing you can do is, being an admin, you can consent manually on behalf of the entire tenant, using the admin consent endpoint https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#using-the-admin-consent-endpoint

this way the admin consents once on behalf of everyone, and no other user in the tenant will need to consent.