Reputation: 947
"Could not update the configuration for app" error message when adding Office365 Unified Application permissions
I want to get started with the Office365 Unified API , so I decided to register a new web app to our azure directory.
In the section: "permissions to other applications" , I select Office365 unified API(preview)
I only get set delegated permission (I don't have all admin powers in our tenant), so I choose the ones I need (user profiles, sign-in , the exact number does not matter).
When I save the configuration I get the message
Could not update the configuration for app "" Information tells me: Unauthorized. You do not have sufficient permissions to access this resource.
The strange is , that when I log out and return to the application in the Azure Portal, I do see those modification in the configuration ?!
Finally when I try to call the REST endpoint (with valid Accesstoken etc..) I get this message:
{"error":"invalid_grant","error_description":"AADSTS65001: No permission to access user information is configured for 'f1299649-ea20-4cf6-9cd6-afb69d9b5760' application, or it is expired or revoked.\r\nTrace ID: 69ab1a6c-eeda-4351-8e1e-2b774c19a5a0\r\nCorrelation ID: 968a962e-d851-48bb-ad6f-3f05ea7b8efe\r\nTimestamp: 2015-06-18 20:12:15Z","error_codes":[65001],"timestamp":"2015-06-18 20:12:15Z","trace_id":"69ab1a6c-eeda-4351-8e1e-2b774c19a5a0","correlation_id":"968a962e-d851-48bb-ad6f-3f05ea7b8efe","submit_url":null,"context":null}
So maybe the Azure Portal UI is right the first time and those permissions where never stored with the app ?
the application details in https://portal.office.com/myapps tell me this:
Permissions This app works with data in your documents. It will be able to:
- Read directory data
- Sign you in and read your profile
- Read all users'basic profiles
- Access the directory as you
- Read directory data
- Sign-in as you and read your profile
What would be the next step to take to get this to work ?
Upvotes: 0
Views: 688
Answers (2)
Reputation: 889
It is impossible to set permissions to Office 365 Unified API for your application even if you are tenant administrator due to error. I have tried it. Remember that whole Unified API is in Preview mode so there will definitely be other errors.
Upvotes: 0
Reputation: 5838
What is your app trying to do (in terms of access to users, groups etc)? Access the directory as you is a permission that requires admin consent. The portal unfortunately has a bug that it appears as though you have the permission, but that's not true. That's because there are 2 elements here - configuring the permissions your app needs which drives the consent experience AND the consent grant. The portal (under the covers) tries to consent the app for the permissions it requires within the developer tenant. A non-admin in this case has permissions to update the app configuration, but not to consent for those permissions in their tenant.
Hope this helps,
Upvotes: 1
Related Questions
- Azure registered app error: The user or administrator has not consented to use the application with ID
- AADSTS650051: Application 'CLIENT_ID' is requesting permissions that are either invalid or out of date
- AADSTS65005: Application 'CLIENT_ID' is requesting permissions that are either invalid or out of date."
- The client application has requested access to resource 'https://outlook.office365.com'. This request has failed
- Office365 OAuth API returns error "AADSTS90093: Does not have access to consent"
- Office365 auth fail: Application with identifier XXX was not found in the directory YYY.onmicrosoft.com
- Unsupported app only token issue in authenticating office365
- Office 365 unified API (preview) requests 401 error
- Office 365 'app only' token request fails with 'invalid signature' error
- Office365 Multitenant OAuth 2 App Displays no consent screen