question

0 Votes
WMioConnectors-6974 asked ·

Consent screen is not appearing when auth app changes the list of existing scopes

Hi Team,

I created one AAD app and added A, B, C permissions, and users authorize the app via granting permission from their admin. But as an OAuth app owner, if I add more permissions, let's say x, y, and the user retries to authorize, a new consent screen does not appear with the added permissions. It directly provides an access token with the old scopes (A, B, C).

So how can I make the user get the consent screen for every change in the scope of the request call?

azure-active-directory

0 Votes
WMioConnectors-6974 answered ·

@soumi-MSFT I tried using v1.0 OAuth2. In v1.0 there is no way of providing scopes. So how can this be achieved in v1.0?


@WMioConnectors-6974, If you are using v1.0 endpoints, since there is no way to mention specific scopes in the request, you would need to add prompt=consent at the end of the request so that the consent screen appears along with the permissions.

0 Votes 0 ·

@WMioConnectors-6974, Just wanted to check if the above response helped.

Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.

0 Votes 0 ·
0 Votes
soumi-MSFT answered ·

@WMioConnectors-6974, For the time being, you can mention the new permissions in the scope (in case you are using the v2.0 endpoint) of the request URL and try. I tried the same and it works for me.

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=xxx-xxx-xxxx&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3456&response_mode=fragment&scope=openid%20offline_access%20Bookings.Read.All&state=12345

Bookings.Read.All is the new permission that I added and tested, and it appeared on the consent page.

Hope this helps.

Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.


@WMioConnectors-6974, You can also use the following request:


https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=328589e9-70b3-47e5-85f3-ca9f640305ba&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3456&response_mode=fragment&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2F.default&prompt=consent&state=12345

Here, I used the scope https://graph.microsoft.com/.default and added prompt=consent to the request. This would also bring up all the consents, including the new ones. This is like forcing the consent page to come up with all the available permissions. When you use prompt=consent, all permissions that were consented to earlier by the admin or user are also listed, but when you provide consent it won't have any effect on the already consented permissions. In case the list contains any new permissions, the consent would take effect only on the new permissions.


0 Votes 0 ·
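
The approach discussed in this thread, as an added example that is not part of the original posts and is not Microsoft's code: compare the scopes the app requested with the `scope` field of the token response, and only when something is missing build a v2.0 authorize URL that carries `prompt=consent`. The function names are hypothetical, the token response is a constructed sample, and the code assumes the token response lists granted scopes as a space-separated string that may carry the `https://graph.microsoft.com/` prefix.

```python
from urllib.parse import quote, urlencode

AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
GRAPH_PREFIX = "https://graph.microsoft.com/"
# Assumption: OIDC scopes are not reliably echoed in the token response's
# "scope" field, so they are left out of the comparison.
OIDC_SCOPES = {"openid", "offline_access", "profile", "email"}


def normalize(scope):
    """Lower-case a scope and drop the Graph resource prefix for comparison."""
    s = scope.strip().lower()
    return s[len(GRAPH_PREFIX):] if s.startswith(GRAPH_PREFIX) else s


def missing_scopes(requested, token_response):
    """Return the requested scopes that the token response did not grant."""
    granted = {normalize(s) for s in token_response.get("scope", "").split()}
    return [s for s in requested if normalize(s) not in OIDC_SCOPES | granted]


def build_authorize_url(client_id, redirect_uri, scopes, state, force_consent=False):
    """Build a v2.0 authorize URL with every parameter percent-encoded."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "fragment",
        "scope": " ".join(scopes),
        "state": state,
    }
    if force_consent:
        params["prompt"] = "consent"
    # quote (not quote_plus) encodes the space between scopes as %20.
    return AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote)


def reconsent_url(requested, token_response, client_id, redirect_uri, state):
    """Return a prompt=consent URL if a requested scope is missing, else None."""
    if not missing_scopes(requested, token_response):
        return None
    return build_authorize_url(client_id, redirect_uri, requested, state, True)


if __name__ == "__main__":
    # Constructed sample: token issued before Bookings.Read.All was added.
    requested = ["openid", "offline_access", "User.Read", "Bookings.Read.All"]
    sample_token_response = {"token_type": "Bearer", "scope": "User.Read"}
    print(missing_scopes(requested, sample_token_response))
    print(reconsent_url(requested, sample_token_response,
                        "xxx-xxx-xxxx", "http://localhost:3456", "12345"))
```

In a real flow the `state` value should be unpredictable and checked on the redirect rather than a fixed `12345`.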