Azure AD Authorization endpoint asking for admin consent

0
votes

Hi I'm trying to Embed a PowerBI report in Asp.Net application using the sample application downloaded from here . I'm using UsersOwnData flow.

The same portal has created the Azure AD app registration with the permissions shown in below image. Although none of the permissions need admin consent, I'm getting an error saying admin consent is needed as shown in below image when I hit the authorize endpoint. Am I missing something?

enter image description here

enter image description here

1
azureoauth-2.0azure-active-directorypowerbipowerbi-embedded
Judging from the first screenshot you provided. There should indeed be permissions without the permission of the administrator, so there will be this prompt. Can you check the app id you are using and make sure it is the app id of your second screenshot.Carl Zhao
@CarlZhao Yes, the appid is correct. Verified. There has been change in the permissions after the app was created with initial permissions. When initial permissions were added, some of them needed admin consent. But removed that later.PNDev
After deleting the permissions that require the administrator's consent, does it still prompt you to log in as an administrator to consent permissions?Carl Zhao
@CarlZhao Yes that's correctPNDev
You need to log in to AAD as an administrator, go to AAD>Enterprise applications>Consent and permissions>User consent settings, select Allow user consent for apps i.stack.imgur.com/8BRrR.pngCarl Zhao

1 Answers

3
votes

The app was registered as a multitenant application although it was not intended. Since Nov 9th 2020 Microsoft requires admin consent to be granted for multitenant apps and end users cannot grant the consent if the publisher is not verified by entering the MPN Id.

This was the issue in my case. It was solved by granting the admin consent. The small note displayed in the Authentication blade helped me to identify the issue. enter image description here