Is there a way to know if your app has admin consent granted via API call?

Eber Herrera 0 Reputation points
2023-02-07T17:38:43.8633333+00:00

Hi!

I'm building an application to Connect our SaaS HRTech application (ACME) with MS allowing users to create and configure MS Teams calls from the application itself. I understand that on the OAuth process, the user can be requested to have admin consent depending on the MS account setup. Is there a way to know using an API call whether my MS App needs admin consent for a particular tenant? The use case is to enable my Admin (ACME) users the integration on our end and let them know if they need to request admin consent to the MS admin user internally.

I'm checking out the following documentation:

https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-admin-consent-workflow

https://learn.microsoft.com/en-us/graph/api/resources/appconsentrequest?view=graph-rest-1.0

Thanks

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,992 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 113.1K Reputation points MVP
    2023-02-07T20:30:37.6+00:00

    You can decode the JWT token and look for the set of scopes/roles therein - this will give you a clue as to what permissions have been granted in a given tenant for your app. You can also use the Graph API itself to query for the permissions granted on a given app (service principal grants), but that query is also subject to permissions restrictions, which your app might not have.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.