invalid_grant - The user or administrator has not consented to use the application with ID

Question

Hello everyone,

I tried to contact MS support team and they just redirected me here and closed the ticket. I'm integrating MS Teams in our product. We have a verified OAuth app and during the authorize call, we are asking the following scopes to the user: OnlineMeetings.ReadWrite User.Read offline_access
A user is getting the following error when refreshing the token:

{
  "error": "invalid_grant",
  "error_description": "AADSTS65001: The user or administrator has not consented to use the application with ID '7e8f29de-1f66-4d0c-b08b-85a915ab3c1b' named 'Blah blah'. Send an interactive authorization request for this user and resource.\r\nTrace ID: ed85dae2-f0e4-4cc7-9646-cd796c6b1b00\r\nCorrelation ID: b3412b22-0e5a-422b-b0ec-006c299eaac0\r\nTimestamp: 2021-03-19 13:12:07Z",
  "error_codes": [
    65001
  ],
  "timestamp": "2021-03-19 13:12:07Z",
  "trace_id": "ed85dae2-f0e4-4cc7-9646-cd796c6b1b00",
  "correlation_id": "b3412b22-0e5a-422b-b0ec-006c299eaac0",
  "suberror": "consent_required"
}

What does that mean and how do I remediate it? Is it a problem on MS side? Do I need to reauthenticate the user?

Answer 1

Hi @vault from the Online Meetings permissions reference, OnlineMeetings.ReadWrite requires admin consent for application requests. The error above indicates that there are permissions for which admin consent is required that have not been approved. To rectify this, log into the Azure AD portal, select your application and consent to the permissions:

I hope this helps.