During my migration to Microsoft Graph API - how can I ensure that my app users get a consent form?

Nikita Gawande 40 Reputation points
2023-06-13T00:03:10.26+00:00

Hey team!

We are in the process of migrating our Azure AD Graph API to Microsoft Graph API. I want to ensure that my application users get a consent form for the API changes taking place. So we have added Microsoft.Graph User.Read API permissions. In addition, I have added a user_impersonation scope that will allow both users and admins to consent to the changes. However, when I try this out with a test user in our staging env, I am able to access my app and am not asked for consent. When I create a new user, the consent form shows up, but when an existing user logs in with Microsoft, they are not presented with the consent form to consent to the API changes. Any idea what is happening here?

Microsoft Security | Microsoft Graph

Accepted answer
  1. CarlZhao-MSFT 46,376 Reputation points
    2023-06-13T10:03:33.0966667+00:00

    Hi @Nikita Gawande

    If the user/admin has previously logged in and accepted the permissions in the scope, the consent form will not pop up the next time the user/admin logs in.

    If you want the OAuth consent dialog to be triggered every time the user logs in, you can add prompt=consent to the request URL.

    https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?
    client_id={client id}
    &response_type=code
    &redirect_uri={redirect url}
    &response_mode=query
    &scope=User.Read
    &prompt=consent
    &state=12345
    

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    1 person found this answer helpful.
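
The authorize request from the accepted answer, as an added example that is not part of the original answer or Microsoft's own code: it builds the URL with proper encoding, adds `prompt=consent` only when asked to, and checks `state` on the redirect. The function names, tenant ID, client ID and redirect URI are hypothetical placeholders, and the per-request random `state` is an assumption of this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"


def build_authorize_url(tenant_id, client_id, redirect_uri, scopes, force_consent=False):
    """Return (url, state) for an authorization-code request to the v2.0 endpoint."""
    state = secrets.token_urlsafe(32)  # unpredictable per-request value
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),  # scopes are space-separated
        "state": state,
    }
    if force_consent:
        # Without this, a user who already accepted these scopes sees no dialog.
        params["prompt"] = "consent"
    query = urlencode(params, quote_via=quote)  # encode spaces as %20
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{query}", state


def read_callback(callback_url, expected_state):
    """Return the authorization code, or raise if the redirect is not ours."""
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in query:  # e.g. the user declined the consent dialog
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if "code" not in query:
        raise ValueError("no authorization code in response")
    return query["code"][0]


if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers.
    url, state = build_authorize_url(
        "TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER",
        "https://app.example/callback", ["User.Read"], force_consent=True)
    print(url)
    print(read_callback(f"https://app.example/callback?code=abc&state={state}", state))
```
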
