Reputation: 5999
Why my app is asking for permissions not configured in Azure AD App
I have a very basic project authenticating user on my Office 365 directory.
When I access it, I have this consent screen:
I'm a bit surprised because, I've removed all the permissions to my application:
The request URL has this permissions:
&scope=openid%20profile%20offline_access%20User.Read.All%20Calendars.ReadWrite.Shared
Why does the application ask for this permissions even if they are not set in AzureAD?
Upvotes: 1
Views: 109
Answers (1)
Reputation: 15639
There is a difference between v1.0 endpoint and v2.0 endpoint. When use v1.0 endpoint, we will use resource instead of scope. All the permissions should be listed under API permissions.
However, when use v2.0 endpoint, we can ask for permissions dynamically. It doesn't matter if you have permissions under API permissions. When you add the permissions to scope, you will see the consent window.
Upvotes: 2
Related Questions
- Azure AD app Need admin approval error: App needs permission to access resources in your organization that only an admin can grant
- ErrorAccessDenied when using app with all permissions
- Trying to get an app permission for User creation of Graph api in azure active directory ,but failed in getting permissions
- MSAL - Application can request permission even if it's not configured in 'API Permissions'
- API Permission Issue while Azure App Registration
- Azure AD: Failed to grant permission for application
- Azure Ad Application Permission
- How to get permissions in Azure Active Directory Application?
- Azure WebApp with Azure AD App returning `auth/login/aad/callback` permission
- AAD Application Permission issue