Swati

Reputation: 11

Always receiving AUTHORIZATION_NEEDED when doing app enrollment using MSAL

In our Android app, I am unable to register the app for enrollment. Everything is set up according to this sample, "https://github.com/msintuneappsdk/Taskr-Sample-Intune-Android-App", but I still always receive the "AUTHORIZATION_NEEDED" error code when I call registerAccountForMAM().

I am using MSAL with the Intune SDK, and the app is registered as multi-tenant.

acquireToken() code in MAMServiceAuthenticationCallback:

    @Override
    public String acquireToken(@NonNull final String upn, @NonNull final String aadId, @NonNull final String resourceId) {
        // Request the default scope of the resource the MAM SDK asks for.
        final String[] scopes = {resourceId + "/.default"};
        final IAccount account = MSUtil.loadAccounts(MSUtil.getAaid());
        if (account == null) {
            // No cached account to use for a silent request: report that no token is available.
            return null;
        }

        final AcquireTokenSilentParameters params =
                new AcquireTokenSilentParameters.Builder()
                        .forAccount(account)
                        .fromAuthority(account.getAuthority())
                        .withScopes(Arrays.asList(scopes))
                        .build();
        try {
            final IAuthenticationResult iAuthenticationResult = mMultipleAccountApp.acquireTokenSilent(params);
            // Hand the access token back to the caller instead of discarding it.
            return iAuthenticationResult.getAccessToken();
        } catch (MsalException | InterruptedException e) {
            // Silent acquisition failed (for example with MsalUiRequiredException).
            e.printStackTrace();
            return null;
        }
    }

Here the acquireTokenSilent() call is always failing for me with the error below:

"com.microsoft.identity.client.exception.MsalUiRequiredException: AADSTS65001: The user or administrator has not consented to use the application with ID 'XXX' named 'XXX'. Send an interactive authorization request for this user and resource."

I would expect to get ENROLLMENT_SUCCEEDED as a result instead of AUTHORIZATION_NEEDED.

I also tried to request this URL manually, "https://login.microsoftonline.com/121025c7-d7d0-4cab-a42e-8994b36d1aac/oauth2/authorize?client_id=XXX &response_type=code&redirect_uri=“XXX” &prompt=admin_consent", as suggested in other articles, but no luck.

Upvotes: 0

Views: 541

Answers (1)

Swati

Reputation: 11

Never mind, I am able to resolve this by granting access to the permission in the admin tool.

Upvotes: 1
