AAD - Owner password credential flow

Question

Hi I am trying to use owner password credential flow by giving username and password and it is giving below error. I am using the native application as the client Id.

 UserPasswordCredential credentials = new UserPasswordCredential(_userName, _password);
    AuthenticationContext authContext = new AuthenticationContext(_authority);
    var accessToken = await authContext.AcquireTokenAsync(_apiResourceId, _clientId, credentials);
    accessToken.AccessToken;

AdalServiceException: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx' named 'nativeclient'. Send an interactive authorization request for this user and resource

I have a scenario where I cannot use client credential flow. Is there anything I am missing as when I use the powershell client ID 1950a258-227b-4e31-a9cf-717495945fc2 it works. How can I consent this application on the context of user as I am not the tenant admin.

Answer 1

It depends on whether the permissions you have added require admin-consent.

You can see it on Azure portal:

If the permissions require admin-consent, you have to use an admin account to do the consent by clicking "Grant admin consent for {your tenant}" here:

If the permissions don't require admin-consent, you just need to use a non-admin account to do the consent by accessing https://login.microsoftonline.com/{your tenant}/oauth2/authorize?client_id={Client ID}&response_type=code&redirect_uri={Reply URL}&resource={Resource you want to access, for example: https://graph.microsoft.com/}&prompt=consent.

Besides, could you please provide more details the "scenario where I cannot use client credential flow"?