Access Token without Consent (Auth Code Flow)

Subramanyam k 251 Reputation points
2021-04-12T09:29:34.433+00:00

Hi Team,

We are trying to automate the functionality of an API which takes an access token (generated using Auth Code Flow) in the header.

We have a challenge here: whenever we generate an access token for a first-time user, it asks the user to consent.

In automation, we want the user to generate the access token without going through the consent.

How can we achieve this? Please suggest.

Thanks,
Subramanyam

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

4 answers

  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2021-04-12T10:33:19.38+00:00

    Hi @Subramanyam k · Thank you for reaching out.

    In order to avoid user consent, consent needs to be granted for the entire organization/tenant by using the Global Admin account of the tenant. For this purpose, you can leverage the prompt=consent parameter of the OAuth protocol, as mentioned in the call below:

    https://login.microsoftonline.com/MY_TENANT.onmicrosoft.com/oauth2/v2.0/authorize?client_id=MY_APP_ID_GUID&response_type=code&redirect_uri=MY_REPLY_URL&state=1234&response_mode=query&scope=MY_SCOPES&prompt=consent

    Once you sign in using the Global Admin account, you will get a checkbox to provide consent for the organization, as highlighted below:

    86838-image.png

    Note: For certain scopes/permissions, consent needs to be provided. You can avoid per-user consent as mentioned above, but there is no way to skip the consent prompt entirely.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

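The authorize call from the answer above, as an added example that is not part of the original post: it URL-encodes the parameters, uses a random state instead of the fixed state=1234, and checks the redirect for a state mismatch or an error (such as declined consent) before accepting the code. The tenant, client ID, redirect URI and scopes are constructed placeholders, and the function and class names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com"


class AuthorizeError(Exception):
    """Raised when the redirect back from the authorize endpoint is not usable."""


def build_authorize_url(tenant, client_id, redirect_uri, scopes, prompt="consent"):
    """Return (url, state) for the v2.0 authorize endpoint shown in the answer."""
    state = secrets.token_urlsafe(32)  # unpredictable per-request value
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
    }
    if prompt:  # pass prompt=None once consent has been granted
        params["prompt"] = prompt
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}", state


def read_callback(callback_url, expected_state):
    """Validate the redirect and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not ours.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise AuthorizeError("state mismatch")
    if "error" in query:  # e.g. consent declined or still required
        detail = query.get("error_description", [""])[0]
        raise AuthorizeError(f"{query['error'][0]}: {detail}")
    if "code" not in query:
        raise AuthorizeError("no authorization code in response")
    return query["code"][0]


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the thread.
    url, state = build_authorize_url(
        "contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000",
        "https://localhost/callback", ["openid", "offline_access", "User.Read"])
    print(url)
```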

  2. sadomovalex 3,626 Reputation points
    2021-04-12T14:42:34.363+00:00

    Alternatively, you may obtain an access token for an AAD app with preconfigured API permissions and granted admin consent. In this case, additional consent won't be asked for.


  3. Phaneendhra Ajay Thota 0 Reputation points
    2023-08-03T14:18:59.95+00:00

    I believe it isn't possible to sign in first without user consent and then later seek whatever permissions are required? As I do not like to scare the user with a list of permissions he might or might not be willing to provide. How can I go about this?


  4. nicolas pinzon 0 Reputation points
    2024-02-29T16:37:25.1966667+00:00

    I have the same problem. I'm trying to implement an automation that sends an offline conversion from my MS to my Bing Ads account through the SDK, but currently I can only get the token through authentication with consent, and it's really hard to do that if the SDK asks for this kind of authorization in this backend service.
