Need admin approval - Githubissues

Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft graph that is secured using the Microsoft identity platform

MIT License

291 stars 138 forks source link

Need admin approval #19

Closed gregd72002 closed 3 years ago

gregd72002 commented 4 years ago

I've created the app and it works for me.

But when any other user in my organisation tries to access it we get "Need admin approval - Application needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it".

Why would this be required if the SCOPE and Permissions on the app are: User.Read and User.ReadBasic.All (which do not require Admin Consent) ?

We also enabled user consent to no avail:

rayluo commented 4 years ago

@navyasric or @jmprieur : Although this issue is currently recorded in this Python web app sample repo, the symptom (if confirmed) would be language-agnostic. Do you have any idea how "Need admin approval" would happen?

gregd72002 commented 4 years ago

Other developers seem to have the same issue: https://stackoverflow.com/questions/44081476/azure-ad-admin-consent-required-when-it-shouldnt

While "Granting admin consent for Tenant" resolves the problem, they also do not understand why is this required.

jmprieur commented 3 years ago

Some tenant admins require that users can't consent for scopes. @gregd72002 : are you the tenant admin?

rayluo commented 3 years ago

Closing due to inactivity.