Share via

Does a call to "https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?client_id=

GM 136 Reputation points
2022-10-04T20:44:20.79+00:00

Consider the have the following scenario:

  • SaaS service uses a multi-tenant Azure AD app to access resources located in the M365 tenant of the service customers
  • When onboarding a new account, the service explicitly request admin consent for our app (using variant of `https://login.microsoftonline.com/{customer_tenant_id}/v2.0/adminconsent?client_id=
Community Center | Not monitored

Answer accepted by question author

Vasil Michev 127K Reputation points MVP Volunteer Moderator
2022-10-05T06:54:43.17+00:00

Yes, querying the /adminconsent endpoint will always result in triggering the consent dialog. If you want to check the current consent state, obtain an access token and check the scopes/roles therein. Only then, if needed, trigger a request against the /adminconsent endpoint.
Refer to this article for more info: https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validate-user-permission

Was this answer helpful?

0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GM 136 Reputation points
    2022-10-05T19:47:54.807+00:00

    Thank you @Vasil Michev . Your suggestion will work great!

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.