-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem with setting permissions #2
Comments
You don't need to specify those in your app registration.
|
Thanks but this unfortunately does not answer my question. I can request these scopes without any problems using the /tokens endpoint but my question is related to the admin consent. How can an admin consent to these scopes for all users of his organization so that not every user is presented with a consent screen? This scenario was possible under the v1 endpoint BTW. |
@gsacavdm We seem to run into the same problem as htryggva :
Now, when another user signs in, we request 2 scopes: 'openid' & 'User.Read'. This user is presented a (user-)consent screen. This is not what we expected (we expected no user-consent-screen because of admin-consent). The admin-consent page said the following:
The user-consent page says the following:
The Can you help htryggva and me with this issue? (or maybe tell us who can help us with this issue?) |
To answer my own question: |
I looked into this, I'll need more time to confirm the behavoir, but the intended behavior is that you do not need to specify those permissions for admin consent - in particular openid (sign-in). They should be granted by default when you do admin permissions. This is specifically to @MichielK 's point of users getting prompted for consent after admin consent has occurred. If I can confirm repo on that, we'll file a bug. |
I'm having the same issues; admin consent is given but all users are still asked for consent. |
I just tried it again and everything seems to be working on my end. Maybe Microsoft fixed the issue? :-) |
any news about this issue? |
this has been fixed in the portal now. Closing the issue |
Hi
I'm trying to implement the admin consent flow for this sample. The flow itself works fine but I'm unable to set the
openid
,email
,profile
, andoffline_access
scopes in the v2 registration portal at apps.dev.microsoft.com because they are not in the Delegated Permissions list.How can I set these scopes for a v2 app?
Thanks :)
The text was updated successfully, but these errors were encountered: