1 Vote
SethHallem-9475 asked ·

Cannot grant organization consent for my application

Hello,

I am developing an application that requires organizational consent. Prior to a few days ago, the consent flow was working but my app was configured to accept consent from my tenant only.

Now, I want to roll out this product to other organizations. I changed the Azure setting to allow consent from all tenants. Unfortunately, the consent flow no longer works. I reach the consent page, but upon "Accept"ing the required permissions, I enter a loop. Each time I hit "Accept", I return to the consent page.

Has anyone else seen this issue? Any advice as to how to resolve it?

Regards,

Seth

azure-active-directory

Could you get a Fiddler trace and see what's going on? Is it doing a 302 back and forth and are you using an OIDC flow?

What kind of flow are you doing for your application? There are a lot of common redirection issues that could happen for a variety of reasons and it's difficult to know why this is happening for you specifically without knowing exactly what's going on in the Fiddler trace.

Please take a look at this for further details if using an OIDC app https://blogs.aaddevsup.xyz/2019/07/infinite-redirect-between-openid-connect-application-and-azure-ad/

0 Votes 0 · ·
0 Votes
SethHallem-9475 answered ·

Frank,

I initiate my OAuth flow with this URL:

https://login.microsoftonline.com/common/oauth2/authorize?state=&response_type=code+id_token&scope=openid&client_id=&redirect_uri=https%3A%2F%2Flocalhost%3A8082%2Flink%2FoauthorgO365.xhtml&resource=https%3A%2F%2Foutlook.office365.com&prompt=admin_consent&response_mode=form_post&nonce=

I placed the consent page in the Chrome debugger, and the attached screen shot is an outline of what I get. The POST to /Set returns a 200, not a 302, and I am back where I started. This did not happen as recently as a few days ago.

[1]: /answers/storage/attachments/1941-screen-shot-2020-01-13-at-73451-pm.png


· Share
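The following is an added example, not part of the original post or of anyone's application code: a small linter for an authorize request like the one in the answer above, plus a builder that fills in per-request `state` and `nonce` values. The function names `lint_authorize_url` and `build_authorize_url` are hypothetical, and the sample URL is constructed from the one posted, with the parameters the post leaves blank kept blank. It checks the request's hygiene only and does not diagnose the consent loop.

```python
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed sample: the request from the post, with its blank parameters kept blank.
POSTED = ("https://login.microsoftonline.com/common/oauth2/authorize?state=&response_type=code+id_token"
          "&scope=openid&client_id=&redirect_uri=https%3A%2F%2Flocalhost%3A8082%2Flink%2FoauthorgO365.xhtml"
          "&resource=https%3A%2F%2Foutlook.office365.com&prompt=admin_consent"
          "&response_mode=form_post&nonce=")

def lint_authorize_url(url):
    """Return {finding_code: explanation} for an authorize request URL."""
    # keep_blank_values=True so "state=" is seen as an empty value instead of being dropped
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}
    types = q.get("response_type", "").split()  # "+" in the query decodes to a space
    redirect = urlsplit(q.get("redirect_uri", ""))
    findings = {}
    if not q.get("client_id"):
        findings["client_id"] = "empty client_id"
    if not q.get("state"):
        findings["state"] = "empty state: callback cannot be matched to the session that started the flow"
    if "id_token" in types:
        if not q.get("nonce"):
            findings["nonce"] = "empty nonce: the returned id_token cannot be bound to this request"
        if "openid" not in q.get("scope", "").split():
            findings["scope"] = "id_token requested without scope=openid"
        if q.get("response_mode") == "query":
            findings["response_mode"] = "id_token must not be returned in the query string"
    if redirect.scheme != "https":
        findings["redirect_scheme"] = "redirect_uri is not https"
    if redirect.hostname in ("localhost", "127.0.0.1"):
        findings["redirect_host"] = "redirect_uri is a development-only loopback address"
    return findings

def build_authorize_url(client_id, redirect_uri):
    """Build the same request with fresh state and nonce; returns (url, state, nonce)."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code id_token", "scope": "openid", "client_id": client_id,
              "redirect_uri": redirect_uri, "resource": "https://outlook.office365.com",
              "prompt": "admin_consent", "response_mode": "form_post",
              "state": state, "nonce": nonce}
    return ("https://login.microsoftonline.com/common/oauth2/authorize?" + urlencode(params),
            state, nonce)

if __name__ == "__main__":
    for code, why in lint_authorize_url(POSTED).items():
        print(code, "-", why)
```

The caller keeps the returned `state` and `nonce` in the user's session and compares them with the `state` field of the form post and the `nonce` claim of the ID token when the response arrives.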

0 Votes
alex-7202 answered ·

Try adding delegated permissions for every application permission. They shouldn't really be needed for admin consent for a web app and even if they were, it should fail with an error and not a loop. But that's what fixed it for us.

· Share