Questions about Admin Consent URL (v1 vs v2) and Security Implications

Sajjad Zaheri 0 Reputation points
2024-09-30T06:39:20+00:00

Hello,

I have registered an app in Azure with application permissions. When users log in to my app, I redirect them, when needed, to the admin consent URL to grant permissions for Entra ID-related functions, following this tutorial. After Microsoft calls my service and provides the tenant ID, I use it to make Graph API calls.

I'm reviewing the documentation for Admin Consent, and I have a few questions:

  1. What is the difference between the v1 and v2 admin consent URLs? Is there any improvement or benefit to using v2 over v1?
  2. The documentation mentions a security warning about potential misuse if someone knows another tenant’s ID. If the tenant has already authorized my application, could a malicious actor change the redirect URL and tenant ID to impersonate another tenant? If so, what is the recommended solution to mitigate this risk?
  3. Is there currently a way to request dynamic permissions? My application requires a wide range of permissions for different functions, but a user might only need to use one function requiring a single permission. How can I handle such cases to avoid requesting excessive permissions?

Thanks in advance for your help!

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
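The flow the question describes, as an added example that is not part of the original post: build the v1 or v2 admin consent URL (v2 takes a `scope` parameter, so a single permission can be requested per consent round trip instead of the whole static set on the app registration), bind the round trip to the user's session with an HMAC-signed `state` value, and trust the tenant ID carried on the redirect only after a client-credentials token request for that tenant actually succeeds, because anyone who knows the redirect URI and some tenant's ID can send that redirect by hand. The function names, the state format, and `fake_acquire_app_token` (which stands in for a real POST to the tenant's token endpoint) are assumptions of this example.

```python
"""Admin consent helpers: build the v1/v2 URL, then validate the redirect
before trusting the tenant ID it carries.  Added example, not code from the
original post; function names, the state format and the fake token fetcher
are assumptions."""
import hashlib
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)


def build_admin_consent_url(client_id, redirect_uri, state, version=2,
                            tenant=None, scope="https://graph.microsoft.com/.default"):
    """v1: consent covers the static permission set on the app registration,
    there is no scope parameter.  v2: scope is required and can name just the
    permissions this feature needs (e.g. one Graph permission) instead of .default."""
    if version == 1:
        path = f"/{tenant or 'common'}/adminconsent"
        params = {"client_id": client_id, "state": state, "redirect_uri": redirect_uri}
    elif version == 2:
        path = f"/{tenant or 'organizations'}/v2.0/adminconsent"
        params = {"client_id": client_id, "state": state,
                  "redirect_uri": redirect_uri, "scope": scope}
    else:
        raise ValueError("version must be 1 or 2")
    return AUTHORITY + path + "?" + urlencode(params)


def make_state(secret: bytes, session_id: str) -> str:
    """state = nonce.HMAC(secret, session_id|nonce): ties the redirect to the
    browser session that started the flow, so a replayed or forged redirect
    presented in another session fails the check."""
    nonce = secrets.token_urlsafe(16)
    tag = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def check_state(secret: bytes, session_id: str, state: str) -> bool:
    nonce, _, tag = state.partition(".")
    expected = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return bool(nonce) and hmac.compare_digest(tag, expected)


def verify_callback(callback_url, secret, session_id, acquire_app_token):
    """Return the tenant ID only after: (1) state matches this session,
    (2) admin_consent=True, (3) tenant looks like a tenant ID, and
    (4) a client-credentials token for that tenant can actually be acquired.
    Step 4 is the real proof of consent; steps 1-3 only filter noise, since the
    redirect is a plain GET that anyone can send with any tenant value."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if "error" in q:
        raise PermissionError(q.get("error_description", q["error"]))
    if not check_state(secret, session_id, q.get("state", "")):
        raise PermissionError("state mismatch: not a response to a request we made")
    if q.get("admin_consent") != "True":
        raise PermissionError("admin consent was not granted")
    tenant = q.get("tenant", "")
    if not GUID_RE.match(tenant):
        raise PermissionError("tenant parameter is not a tenant ID")
    if acquire_app_token(tenant) is None:
        raise PermissionError("tenant has not consented: token request failed")
    return tenant


# Constructed sample data: one tenant that has granted consent, one that has not.
CONSENTED_TENANT = "11111111-2222-3333-4444-555555555555"
FORGED_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def fake_acquire_app_token(tenant_id):
    """Stand-in for POST {AUTHORITY}/{tenant_id}/oauth2/v2.0/token with
    grant_type=client_credentials and scope=https://graph.microsoft.com/.default.
    The real call returns a token only if that tenant consented to the app;
    here the constructed set above plays that role."""
    return "constructed.app.token" if tenant_id == CONSENTED_TENANT else None


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    state = make_state(secret, "session-42")
    print(build_admin_consent_url("00000000-0000-0000-0000-000000000000",
                                  "https://app.example/consent/callback", state,
                                  scope="https://graph.microsoft.com/User.Read.All"))
    cb = f"https://app.example/consent/callback?tenant={CONSENTED_TENANT}&state={state}&admin_consent=True"
    print("accepted tenant:", verify_callback(cb, secret, "session-42", fake_acquire_app_token))
```

The v2 URL is what makes the "one function, one permission" pattern workable: each feature builds its own consent URL with only the permissions it needs, and on return the token request in step 4 confirms, independently of anything in the redirect, that the named tenant really granted them.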