0 Votes
Subramanyamk-9132 asked azure-cxp-api edited

Access Token without Consent (Auth Code Flow)

Hi Team,

We are trying to automate the functionality of an API which takes an access token (generated using the Auth Code Flow) in the header.

We have a challenge here: whenever we generate an access token for a first-time user, it asks the user to consent.

In automation we want the user to generate the access token without going through the consent.


How can we achieve this? Please suggest.


Thanks,
Subramanyam

azure-active-directory

0 Votes
amanpreetsingh-msft answered

Hi @Subramanyamk-9132 · Thank you for reaching out.

In order to avoid user consent, consent needs to be granted for the entire organization/tenant by using the Global Admin account of the tenant. For this purpose, you can leverage the prompt=consent parameter of the OAuth protocol, as shown in the call below:

https://login.microsoftonline.com/MY_TENANT.onmicrosoft.com/oauth2/v2.0/authorize?client_id=MY_APP_ID_GUID&response_type=code&redirect_uri=MY_REPLY_URL&state=1234&response_mode=query&scope=MY_SCOPES&prompt=consent

Once you sign in using the Global Admin account, you will get a checkbox to provide consent for the organization, as highlighted below:

[Image: 86838-image.png]

Note: For certain scopes/permissions, consent needs to be provided. You can avoid per-user consent as mentioned above, but there is no way to skip the consent prompt entirely.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
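
The authorize request from the answer above, as an added Python example that is not part of the original answer or Microsoft's code: it URL-encodes the parameters, replaces the fixed state=1234 with a random per-request value, and validates the redirect before the code is used. The function names, the https://localhost/callback redirect URI and the sample scopes are assumptions.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com"

def build_authorize_url(tenant, client_id, redirect_uri, scopes, prompt=None):
    """Return (url, state) for the v2.0 authorize endpoint shown in the answer."""
    state = secrets.token_urlsafe(32)  # unpredictable per request, unlike state=1234
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
    }
    if prompt:  # "consent" for the one-time admin grant; omit it in automated runs
        params["prompt"] = prompt
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}", state

def read_callback(callback_url, expected_state):
    """Return the authorization code, or raise if the redirect cannot be trusted."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not for this request.
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in query:  # e.g. access_denied when consent is declined
        desc = query.get("error_description", [""])[0]
        raise PermissionError(f"{query['error'][0]}: {desc}")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]

if __name__ == "__main__":
    # Constructed sample values; tenant, client id and redirect URI are placeholders.
    url, state = build_authorize_url(
        "MY_TENANT.onmicrosoft.com", "MY_APP_ID_GUID",
        "https://localhost/callback", ["openid", "offline_access"], prompt="consent")
    print(url)
    callback = f"https://localhost/callback?code=SAMPLE_CODE&state={state}"
    print(read_callback(callback, state))
```
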



0 Votes
sadomovalex answered

Alternatively, you may obtain an access token for an AAD app with preconfigured API permissions and granted admin consent. In this case, additional consent won't be asked for.
