Progger

Reputation: 2254

administrator has not consented to use the application -- Azure AD

I am trying to obtain a token from Azure AD from a Python client application. I want users to seamlessly authenticate with just a username and password (client_id / secret will be embedded in the app). I registered my app, gave it all permissions, and hit the "grant permissions" button in the new portal according to this post:

The user or administrator has not consented to use the application - Send an interactive authorization request for this user and resource

I am sending an HTTP POST to:

https://login.microsoftonline.com/{tenant_id}/oauth2/token

with the following data:

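from urllib.parse import urlencode

headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}

# urlencode() escapes each value, so characters such as & or + in the password cannot break the form body
body = urlencode({"resource": app_id_uri, "grant_type": "password", "username": user, "password": password,
                  "client_id": client_id, "client_secret": client_secret, "scope": "openid"})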

I cannot seem to get past this error no matter what I try:

b'{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID \'078c1175-e384-4ac7-9116-efbebda7ccc2\'. Send an interactive authorization request for this user and resource.

Again, my goal:

User enters user / pass and nothing else. App sends user / pass / client_id / client_secret, obtains token.

Upvotes: 3

Views: 2902

Answers (2)

Gary Liu

Reputation: 13918

According to your comment:

The message I'm receiving says to do an interactive request but that is exactly what I'm trying to avoid because this is a Python app with no web browser and I'm trying to avoid complexity.

I think you want to build a daemon app or an app-only application integrating with Azure AD. You can refer to https://graph.microsoft.io/en-us/docs/authorization/app_only for the general introduction.

Furthermore, you can leverage ADAL for Python to implement this functionality with ease. Also, you can refer to client_credentials_sample.py for a quick start.

Upvotes: 2
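
An added example, not part of the answer above and not ADAL's code: the app-only (client credentials) request against the same token endpoint the question uses, plus a parser that picks the AADSTS code out of an error reply such as the one quoted in the question. The function names, the tenant, client and resource values and the sample error body are constructed for illustration.

```python
import json
import re
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/token"

# Constructed sample modelled on the error in the question; the app ID is a placeholder.
SAMPLE_ERROR = (b'{"error":"invalid_grant","error_description":"AADSTS65001: The user or '
                b'administrator has not consented to use the application with ID '
                b"'<app-id>'.\"}")


def build_app_only_request(tenant_id, client_id, client_secret, resource):
    """Return (url, headers, body) for a client-credentials token request.

    No username or password is sent: the app authenticates as itself.
    """
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # urlencode() escapes & and + in the secret
        "resource": resource,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL.format(tenant_id=tenant_id), headers, body


def parse_token_response(raw):
    """Return ("token", access_token) or ("error", aadsts_code, needs_consent)."""
    doc = json.loads(raw)  # accepts str or bytes
    if "access_token" in doc:
        return ("token", doc["access_token"])
    match = re.search(r"AADSTS(\d+)", doc.get("error_description", ""))
    code = match.group(1) if match else None
    # AADSTS65001 is the "has not consented" error from the question.
    return ("error", code, code == "65001")


if __name__ == "__main__":
    # All values below are constructed placeholders.
    url, headers, body = build_app_only_request(
        "contoso.example", "app-id", "s&cret+1", "https://resource.example/")
    print(url)
    print(body)
    print(parse_token_response(SAMPLE_ERROR))
```
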

RasmusW

Reputation: 3471

You should try logging in as an admin to be able to give consent to use the application on your tenant at all.

Upvotes: 0
