Azure AD authentication issue in cordova plugin

Question

I am following the sample to add authentication to a cordova app here: https://github.com/Azure-Samples/active-directory-cordova-multitarget

I have registered my tenant and set up the permissions. I have the following line to retrieve an access token:

authContext.acquireTokenAsync('https://graph.windows.net', 'myappid', 'http://myappnamehere')
    .then(function(authResult) {
        // success handler
        alert(authResult.userInfo);
    });

When I run the app I get redirected to the microsoft login page and I successfully authenticate. It redirects me back to my app page and displays null on the alert. I inspected authResult and the statusCode property was 'Failed' and accessToken is null. There is no other information given to help me figure out what the problem was.

I modified the source code for the plugin to return a few more properties including the 'errorLogInfo' property which is returning the following message:

ErrorCode: invalid_grant The user or administrator has not consented to use the application with ID 'myappid'. Send an interactive authorization request for this user and resource.

I am running this sample off of my MSDN Azure account and logging in with the owner of the Azure account. When I run the same sample using a user I created on the tenant it works successfully.

• Why does the sample work for a random user I created in my tenant but not the administrator account?
• How do I 'send an interactive authorization request' like it says in the error message?

Answer 1

Is your administrator a Microsoft Account (e.g. LiveID)? If that's the case, you won't be able to use it with the /common endpoint. If you use your tenant domain instead of /common in the authority URL you'll see that your admin will be able to get a token successfully.