Azure-Samples / ms-identity-java-desktop

A desktop application in Java calling Microsoft Graph API
MIT License
22 stars 24 forks source link

AADSTS65001: The user or administrator has not consented to use the application with ID #10

Closed Jayakrishnantu closed 4 years ago

Jayakrishnantu commented 4 years ago

Hello,

I am following this document https://docs.microsoft.com/en-us/samples/azure-samples/ms-identity-java-desktop/call-msgraph-with-username-password/ and seeing the following issue.

[ForkJoinPool.commonPool-worker-9] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: 6ed3f887-f7a7-4201-ba9c-6587d8510ef8] Execution of class com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier failed. com.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS65001: The user or administrator has not consented to use the application with ID 'ab8dd9d6-d79b-454d-9c40-236a74cfe698' named 'AzureTestApp01'. Send an interactive authorization request for this user and resource. Trace ID: 0eb3ee9e-b1c1-43e8-90b3-2a1a70b71100 Correlation ID: 6ed3f887-f7a7-4201-ba9c-6587d8510ef8 Timestamp: 2020-06-19 22:32:40Z

I have followed the steps.

I have referred multiple articles to resolve this; but none worked. Any pointers will be helpful.

Avery-Dunn commented 4 years ago

Hello, just to confirm admin consent being granted could you go to the API Permissions section of your app registration, and check under the 'status' column to see if it looks similar to this:

image (I added the user.read.all permission just to show what a not-granted permission would look like, for the sample you should only need user.read)

If there is either a yellow exclamation mark(like in the image above) or it is blank, then something may have gone wrong when granting admin consent and you should try the 'grant consent for {tenant}' button again.

Jayakrishnantu commented 4 years ago

Hello, just to confirm admin consent being granted could you go to the API Permissions section of your app registration, and check under the 'status' column to see if it looks similar to this:

image (I added the user.read.all permission just to show what a not-granted permission would look like, for the sample you should only need user.read)

If there is either a yellow exclamation mark(like in the image above) or it is blank, then something may have gone wrong when granting admin consent and you should try the 'grant consent for {tenant}' button again.

I have the Green status for both the APIs. Posting the solution below.

Jayakrishnantu commented 4 years ago

The approach has changed. Should have been using the ROPC flow test to get the access token. Details below. https://stackoverflow.com/questions/62494916/aadsts65001-the-user-or-administrator-has-not-consented-to-use-the-application