I have registered a sample multi-tenant app in azure portal app registration requiring certain permissions to access outlook mails. I also have a SAAS application which uses this app and requests for oauth token from users to read and send emails using outlook.
There is a tenant with a set of users who want to use my app for configuring emails in the SAAS application. But the users in the tenant do not have admin privileges to give consent to the application. Based on MS documentation, admin has to give consent to the application using the v2-permissions-and-consent
Admin has given consent to the application by using the following URL:
https://login.microsoftonline.com/{tenant ID}/v2.0/adminconsent?client_id=xxxxxxxxxxxxxxxxxxxxxxxxxxxb&state=12345&redirect_uri=https://c9713e1c5859.ngrok.io/auth/outlook/callback&scope=https://outlook.office.com/User.Read https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send&response_type=code
Admin consented permissions: consented permissions
Even after admin gives consent to all the permissions that the app requests and adds the users to the configured enterprise application in Azure AD, the users are shown the approval prompt when they try to login to the application.
Approval prompt shown to the users : approval prompt
Ideally, once the app is approved in Azure AD Enterprise Applications, all the other users in the tenant should be able to use the application without any consent requirement.
The oauth URL that users use to login is
Could anyone help me understand what I am missing here?
