
We have a multi-tenant Graph app and we are experiencing some unexpected behavior.

When a first user (non-admin and from another tenant) wants to connect to the (enterprise) app, he logs in and gets the message 'Need admin approval'. This is normal, as the required permissions demand this.

Let's say the user knows the administrator login/password: he clicks on 'Have an admin account, Sign in with that account', logs in as administrator and approves the consent.

But then a code is generated for that administrator account and is posted back to my initial application (website), resulting in the user having an access token for an administrator (which does not have SPO in our situation, thus failing our application).

My very simple question: how can I just consent to the app with an administrator account, but without the flow posting back a code for that administrator to the redirect URL?

Is this possible?

Thank you


1 Answer


OK, I think my problem is solved. Upon activating the app in our settings, we can direct the admin to the following URL:

https://login.microsoftonline.com/(tenantid)/v2.0/adminconsent?client_id=(clientid)&state=12345&redirect_uri=(redirecturl)&scope=(permissions)

We then get redirected like when we receive a token, but since the state also comes back in the redirect URL, we might use it to display another message to the user.
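An added example (not part of the answer above) showing how an app can build the v2.0 admin consent URL and handle its redirect: the admin consent callback carries `admin_consent`, `tenant`, `scope` and `state` (or `error`/`error_description`) and no authorization code, so it must be checked against the stored `state` and never treated as a sign-in. The tenant id, client id, redirect URI and callback URLs below are constructed placeholders.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com"


def new_state() -> str:
    # Unguessable per-request state; store it server-side before redirecting the admin.
    return secrets.token_urlsafe(32)


def build_admin_consent_url(tenant_id: str, client_id: str,
                            redirect_uri: str, scope: str, state: str) -> str:
    # Same shape as the URL in the answer: /{tenant}/v2.0/adminconsent?client_id=...
    params = {"client_id": client_id, "state": state,
              "redirect_uri": redirect_uri, "scope": scope}
    return f"{AUTHORITY}/{tenant_id}/v2.0/adminconsent?{urlencode(params)}"


def parse_admin_consent_callback(callback_url: str, expected_state: str) -> dict:
    # Flatten the query string; each parameter appears once in this redirect.
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    # Reject anything whose state does not match what we issued (CSRF / replay guard).
    if not secrets.compare_digest(q.get("state", ""), expected_state):
        return {"ok": False, "reason": "state mismatch"}
    # The admin declined or the request was invalid.
    if "error" in q:
        return {"ok": False, "reason": q.get("error_description", q["error"])}
    # Only admin_consent=True means the tenant granted the requested permissions.
    if q.get("admin_consent") != "True":
        return {"ok": False, "reason": "consent not granted"}
    # No code or token here: record the consenting tenant and show a message.
    return {"ok": True, "tenant": q.get("tenant"), "scope": q.get("scope")}


if __name__ == "__main__":
    state = new_state()
    url = build_admin_consent_url("common", "00000000-0000-0000-0000-000000000000",
                                  "https://app.example/consent-callback",
                                  "https://graph.microsoft.com/Sites.Read.All", state)
    print(url)
```

The `tenant` value in a successful callback is the directory that granted consent, which is what a multi-tenant app should persist rather than anything about the administrator who clicked.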