Adding permissions to an application in Azure app registration

Time:11-22

I'm currently learning about Azure app registrations, and there is something I don't quite understand. The docs in enter image description here

Now, when I run the application and attempt to sign in, the user consent prompt is shown to me, but it doesn't request permissions for any of the above scopes. It gives me:

enter image description here

Can someone clear out the fog?

CodePudding user response:

Without looking at the sample, I think it is not requesting an access token in that request. The client is only requesting an ID token (with something like scope=openid profile).

You need to specify e.g. https://graph.microsoft.com/.default as a scope when authenticating the user to get an access token. In this case we use the special ".default" scope that tells AAD "just use the ones in the app registration". Alternatively you could ask for e.g. https://graph.microsoft.com/AccessReview.Read.All scope to require that permission.

One thing to note here though. If your client app used the v1 authorization endpoint, those configured permissions would be required. But I assume the app is using MSAL and the v2 endpoint, which allows these dynamic permission requests.
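The scope behaviour described in the answer above, as an added example (not part of the original answer or of any Microsoft sample): this Python code builds v2 authorize requests and reports what each `scope` value will ask the user to consent to. The function names are hypothetical, and the tenant, client ID and redirect URI are constructed placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# OpenID Connect scopes: they drive sign-in (ID token, refresh token), not API permissions.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}
AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"
GRAPH = "https://graph.microsoft.com/"


def build_authorize_url(tenant, client_id, redirect_uri, scopes, state):
    """Build a v2 authorization-code request; `scopes` is a list of scope strings."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
    }
    return AUTHORIZE.format(tenant=tenant) + "?" + urlencode(params)


def classify_scopes(authorize_url):
    """Report which kind of consent the scope parameter of an authorize URL triggers."""
    scope = parse_qs(urlsplit(authorize_url).query).get("scope", [""])[0]
    requested = scope.split()
    oidc = [s for s in requested if s.lower() in OIDC_SCOPES]
    resource = [s for s in requested if s.lower() not in OIDC_SCOPES]
    static = [s for s in resource if s.lower().endswith("/.default")]
    dynamic = [s for s in resource if s not in static]
    if static and dynamic:
        # The v2 endpoint does not accept .default together with individual scopes.
        kind = "invalid: .default mixed with individual scopes"
    elif static:
        kind = "static: permissions configured on the app registration"
    elif dynamic:
        kind = "dynamic: only the scopes named in this request"
    else:
        kind = "sign-in only: no API permission is requested"
    return {"oidc": oidc, "static": static, "dynamic": dynamic, "kind": kind}


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the question.
    app = ("contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000",
           "http://localhost:5000/callback")
    for scopes in (["openid", "profile"],
                   ["openid", GRAPH + ".default"],
                   ["openid", GRAPH + "AccessReview.Read.All"]):
        url = build_authorize_url(*app, scopes, state="constructed-state")
        print(scopes, "->", classify_scopes(url)["kind"])
```

Running the same classification over the authorize URL an application actually sends (visible in the browser address bar during sign-in) shows whether it requests more or fewer permissions than the app registration lists.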
