Microsoft Graph API provide user consent without UI flow

Question

I have a Azure Active Directory application and I have provided some of the user delegated permissions for accessing Graph APIs. For example 'user.read' and 'user.read.all' etc.

To provide User Consent for the Graph APIs which have Delegated permission. I need to login using my credentials to the test application (I developed) and then there will be a Popup displayed on the Web UI with title "Permissions requested" to grand the consent. I need to select Accept button to grand the consent.

My questions:

1. Is there a way we can preauthorize the user consent without following Web UI flow?
2. Just like the admin consent in Active Directory, is there a way to grant user consent?

Answer 1

I think you may try to hit this url and signed in with the admin account, then you may consent on behalf of your organization. This url is used to get auth code for using auth code flow(generate access token)

https://login.microsoftonline.com/hanxia.onmicrosoft.com/oauth2/v2.0/authorize?
client_id=your_azure_ad_app_clientid
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost:8080%2F
&response_mode=query
&scope=user.read
&state=12345

Answer 2

Yes, it is possible through MS Graph API.

When you grant user consent, an OAuth2PermissionGrant object is created. Admin consent also creates one but in that one the principal is set to be "all users". You can also create these programmatically.

You can see the docs for the API endpoint here. It is created under the service principal of your app and you specify consentType as "Principal" and principalId as the user's objectId.