Reputation: 171
AAD app encounter AADSTS50000 with prompt=admin_consent
Today when I request for a code of AAD app in OAuth flow, the server returns:
error:server_error
error_description:AADSTS50000: There was an error issuing a token or an issue with our sign-in service. Trace ID: c81bb57b-7f96-4f96-9003-13c54b9aa700 Correlation ID: 4303257a-9f95-4298-b8e8-8ea72c696557 Timestamp: 2019-12-17 07:19:35Z
error_uri:https://login.microsoftonline.com/error?code=50000
However afer I remove the prompt=admin_consent from my request query, it works.
This is my original query:
https://login.microsoftonline.com/common/oauth2/authorize?
client_id=xxxxxx-xxxxxx-xxxxxx&
prompt=admin_consent&
scope=openid&
response_type=code&
nonce=xxx-xxx-xxx-xxx&
redirect_uri=https://my.php&
resource=https://graph.windows.net
More information:
Rest of my AAD apps work fine if I do not request for admin_consent
This query was broken today, I still use this since last week.
- The same query works in Germany(https://login.microsoftonline.de) and China(https://login.chinacloudapi.cn) endpoin
2019 / 12 / 18
update more infromation
Now I found that this fail might happen in different browsers and OS
this is my statistics
- X - Google Chrome version 79.0.3945.79 windows 10 - 1903
- X - Microsoft Edge 44.18362.449.0 windows 10 - 1903
- X - Firefox 71.0(64 bit) windows 10 - 1903
- O - Chrome version 76.0.3809.132 Ubuntu 5.4.0-6ubuntu1~16.04.12
- X - Mozilla Firefox for Ubuntu 70.0.1 Ubuntu 5.4.0-6ubuntu1~16.04.12
- X - IE 11.0.9600.19540 Windows 7 SP 1
- X - Firefox 70.0.1 Windows 7 SP 1
- X - Chrome 79.0.3945.88 Windows 7 SP 1
- O - chrome Version 79.0.3945.79 Ubuntu 18.04.3 LTS
- X - Chrome 79.0.3945.88 Ubuntu 18.04.3 LTS
- O - Firefox 71.0 Ubuntu 18.04.3 LTS
- X - Chrome version 79.0.3945.79 Ubuntu 18.04.1 LTS
- O - Firefox 71.0 Ubuntu 18.04.1 LTS
More information about this,
After I remove the SharePoint application permissions of my app, it can successfully login without error AADSTS50000
2019 / 12 / 24 Updated
Received from MS support
“Acknowledging that there seems to be a bug/regression here. Hit count is low, and unfortunately our telemetry does not contain enough information to pinpoint the problem.
Given low hit count and the need to add debugging telemetry, this issue likely will not be resolved till late Jan/early Feb.”
Thank you for help.
Upvotes: 3
Views: 1891
Answers (2)
Reputation: 171
After mail communication with MS support for a week, this problem is comfirmed and fixed by Microsoft
Brief description of the content from the mail:
- The issue is fixed and applied patch on 2018/12/31
- The issue caused by a bug when MS deployed a application permission related feature, bu there is no official bug id or reference.
- The affected region included all Non-English registered tenant.
- All of my tenants now work properly.
Upvotes: 0
Reputation: 15609
According to the official document, you can raise a support ticket on Azure portal by following this link.
Upvotes: 1
Related Questions
- "AADSTS65001: The user or administrator has not consented to use the application" occurs when token is acquired on behalf of a user
- AADSTS70003: The app requested an unsupported grant type 'client_credential'
- AADSTS65001 invalid_grant when all permissions have admin consent
- Azure app incorrectly requesting admin consent?
- Azure AAD and Graph API: Insufficient privileges to complete the operation
- Request Denied After Getting Admin Consent on Tenant
- multi-tenant admin consent fails with "AADSTS90094"
- Insufficient Privileges When Creating AAD App via Graph
- Approve single app in AAD tenant to prevent AADSTS90093 error
- AADSTS70001: Application is not supported for this API version