I am working on the Azure application registration process to grant application permissions using the v2 endpoint.

  1. I have added "Mail.Read" as an application permission to the Azure app.

  2. I have used the following URL to give admin consent with the scope specified as "Mail.Read".

    https://login.microsoftonline.com/ff63ebda-8bfe-4e14-aba1-504db5c53970/v2.0/adminconsent?client_id=34dbd899-c9fa-415f-8646-28c644baf3ec&scope=https://graph.microsoft.com/Mail.Read&redirect_uri=https://google.com&state=12345

  3. I accept the requested permission without an issue.

  4. I checked the granted permission after accepting, and the Mail.Read permission is added as a "Delegated Permission", which is not the expected behavior.

  5. Then I tried to give consent using the default scope (https://graph.microsoft.com/.default).

    https://login.microsoftonline.com/ff63ebda-8bfe-4e14-aba1-504db5c53970/v2.0/adminconsent?client_id=34dbd899-c9fa-415f-8646-28c644baf3ec&scope=https://graph.microsoft.com/.default&redirect_uri=https://google.com&state=12345

  6. I accept the permissions successfully.

  7. Then the permission is added as an application permission, which is the expected behavior.

My requirement is to use the admin consent v2 endpoint with specified scopes to grant application permissions. I need to know the possible way of doing that using the admin consent v2 endpoint.

1 Answer

As of today (June 2021) it is not possible to dynamically request admin consent for an application permission (app role).

The only option today is to use scope=.default, which will load the APIs and permissions from the app's configured API permissions.
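As an added example (not code from either post), here is a small Python helper that builds the v2.0 admin consent URL with the `.default` scope the answer recommends, flags a request that would only produce delegated consent, and validates the callback Azure AD sends to the redirect URI, rejecting it unless the `state` value matches the one issued. The tenant ID, client ID and redirect URI are placeholder values rather than the ones in the question; the callback parameters (`admin_consent`, `tenant`, `state`, `error`, `error_description`) are the ones documented for the endpoint.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder values constructed for this example (not the poster's tenant or app).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://localhost/consent-callback"
GRAPH_DEFAULT = "https://graph.microsoft.com/.default"


def new_state() -> str:
    """Unguessable per-request state; it ties the callback to this request."""
    return secrets.token_urlsafe(32)


def requests_app_roles(scope: str) -> bool:
    """True only for a resource/.default scope. A named scope such as
    https://graph.microsoft.com/Mail.Read is granted as a delegated permission,
    never as an application permission (app role)."""
    return any(s.endswith("/.default") for s in scope.split())


def build_admin_consent_url(tenant_id: str, client_id: str, redirect_uri: str,
                            scope: str, state: str) -> str:
    """v2.0 admin consent URL; the scope should be .default so the grant covers the
    application permissions configured on the app registration."""
    params = {"client_id": client_id, "scope": scope,
              "redirect_uri": redirect_uri, "state": state}
    return (f"https://login.microsoftonline.com/{tenant_id}/v2.0/adminconsent?"
            + urlencode(params))


def parse_consent_callback(callback_url: str, expected_state: str,
                           expected_tenant: str) -> dict:
    """Validate the redirect after the consent prompt. Success carries
    admin_consent=True plus tenant and state; failure carries error and
    error_description. The state check runs first so a forged or replayed
    callback is discarded before anything else is trusted."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if q.get("state") != expected_state:
        return {"ok": False, "reason": "state mismatch"}
    if "error" in q:
        return {"ok": False, "reason": q["error"],
                "detail": q.get("error_description", "")}
    if q.get("admin_consent", "").lower() != "true":
        return {"ok": False, "reason": "consent not granted"}
    if q.get("tenant") != expected_tenant:
        return {"ok": False, "reason": "unexpected tenant"}
    return {"ok": True, "tenant": q["tenant"]}
```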