Admin approval screen keeps showing up

JO-5324 61 Reputation points
2022-11-03T06:33:32.477+00:00

Setup:
I have created a public web application which uses the MS Graph API.
The following permissions are needed: Mail.ReadWrite.Shared, Mail.Send.Shared, MailboxSettings.Read, offline_access, User.Read
Supported account types: Accounts in any organizational directory and personal Microsoft accounts

Problem:
Some of my users are required to get admin approval, but even after receiving an approval they say they are still seeing the message that an approval is required.
See screenshots attached.

Solutions:
I have already checked if there are any Microsoft Azure settings which I need to enable / activate, but in vain.

Does anyone know the cause for this issue and how to solve it?
Cheers

256655-image1.png
256664-image2.png


1 answer

  1. CarlZhao-MSFT 23,526 Reputation points
    2022-11-03T07:41:18.513+00:00

    Hi @JO-5324

    You may have specified the prompt=consent parameter in the authentication URL, which will cause the admin consent page to trigger every time the user logs in. You just need to delete this parameter.

    https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?  
    client_id={client id}  
    &response_type=code  
    &redirect_uri={redirect url}  
    &response_mode=query  
    &scope=Mail.ReadWrite.Shared Mail.Send.Shared MailboxSettings.Read offline_access User.Read  
    &state=12345  
    &prompt=consent (delete this parameter)  
    

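The fix from the answer above, as an added example that is not part of the original thread: Python that builds the same v2.0 authorize request without `prompt=consent` and audits an existing authorize URL for it. The `common` tenant, the all-zero client ID, the redirect URI, the function names and the random `state` check are assumptions of this example.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"
# Delegated scopes listed in the question.
SCOPES = ["Mail.ReadWrite.Shared", "Mail.Send.Shared", "MailboxSettings.Read",
          "offline_access", "User.Read"]


def build_authorize_url(tenant, client_id, redirect_uri, scopes=SCOPES):
    """Build the v2.0 authorize request from the answer, without prompt=consent."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        # Assumption of this example: a random per-request state (CSRF
        # protection) instead of the fixed 12345 in the answer's URL.
        "state": secrets.token_urlsafe(16),
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}"


def audit_authorize_url(url):
    """Return a list of findings for an authorize URL before redirecting to it."""
    query = parse_qs(urlsplit(url).query)
    findings = []
    if "consent" in query.get("prompt", []):
        findings.append("prompt=consent: consent dialog is forced on every sign-in")
    if len(query.get("state", [""])[0]) < 16:
        findings.append("state: missing or too short to be a random per-request value")
    return findings


if __name__ == "__main__":
    # Constructed inputs: placeholder tenant, client ID and redirect URI.
    good = build_authorize_url("common", "00000000-0000-0000-0000-000000000000",
                               "https://app.example/callback")
    # Constructed URL shaped like the one in the answer, before the fix.
    bad = (f"{AUTHORITY}/common/oauth2/v2.0/authorize?client_id=x"
           "&response_type=code&state=12345&prompt=consent")
    print(audit_authorize_url(good))
    print(audit_authorize_url(bad))
```

Running `audit_authorize_url` in a unit test over every place the app builds a sign-in redirect catches a `prompt=consent` that an auth library option or copied sample URL adds back.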