Yes, querying the /adminconsent endpoint will always result in triggering the consent dialog. If you want to check the current consent state, obtain an access token and check the scopes/roles therein. Only then, if needed, trigger a request against the /adminconsent endpoint.
Refer to this article for more info: https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validate-user-permission
Does a call to "https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?client_id=
GM
136
Reputation points
Consider the have the following scenario:
- SaaS service uses a multi-tenant Azure AD app to access resources located in the M365 tenant of the service customers
- When onboarding a new account, the service explicitly request admin consent for our app (using variant of `https://login.microsoftonline.com/{customer_tenant_id}/v2.0/adminconsent?client_id=
Accepted answer
-
Vasil Michev 113.5K Reputation points MVP
2022-10-05T06:54:43.17+00:00
1 additional answer
Sort by: Most helpful
-
GM 136 Reputation points
2022-10-05T19:47:54.807+00:00 Thank you @Vasil Michev . Your suggestion will work great!