Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Trouble in Forcing Consent Prompt and Scopes Declined Error with MSAL on Android
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 43%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Terence Sajere
0
Reputation points
Dear Microsoft Support,
I am developing an Android application that uses the Microsoft Identity Platform for authentication. I am using the MSAL library for this.
However, I have been encountering issues with getting the application to prompt for user consent, despite setting the Prompt parameter to "CONSENT" as recommended in the MSAL documentation. I am expecting to see a consent prompt screen after the user signs in, but this screen does not appear.
Additionally, even after following the MSAL documentation and setting the correct scopes, I am getting an error message stating, "some or all requested scopes have been declined by the server" when trying to sign in. Interestingly, when I remove the "offline_access" scope from the list, I am able to sign in without the error. However, I need the "offline_access" scope for my application.
Here's a simplified code snippet illustrating how I'm initiating the sign-in process:
val scopes = listOf( "openid", "User.Read", "Mail.Send", "Mail.ReadWrite", "offline_access" )
val parameters = AcquireTokenParameters.Builder() .startAuthorizationFromActivity(this) .withScopes(scopes) .withLoginHint(userEmail) // Pass the email as the login hint .withPrompt(Prompt.CONSENT) // Force consent prompt .withCallback(object : AuthenticationCallback { override fun onSuccess(authenticationResult: IAuthenticationResult) { // Handle success } override fun onError(exception: MsalException) { // Handle error } override fun onCancel() { // Handle cancellation } }) .build() myPublicClientApplication.acquireToken(parameters)
I have ensured that the requested scopes match the permissions that I've set in my app registration on the Azure portal.
Could you please help me understand why the consent prompt is not showing and why I am getting a scopes declined error when the "offline_access" scope is included?
Your help would be greatly appreciated.
Best Regards,
Terence.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph
Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,546 Reputation points Moderator2023-06-23T17:17:04.9766667+00:00 Hello @Terence Sajere , I will working on this and come back with an answer ASAP.
-
Terence Sajere 0 Reputation points
2023-06-28T12:29:31.7+00:00 That would be great as I have been battling with this for a while now, looking forward to getting feedback from you.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 55.00000000000001%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOD%3C/text%3E%3C/svg%3E)
Onyango, David 31 Reputation points2024-01-07T12:22:56.3666667+00:00 Did you get a solution for this? I am experiencing the same with offline_access scope
Sign in to comment
Sign in to answer