AADSTS65001: The user or administrator has not consented to use the application

Rithi Ramji 21 Reputation points Microsoft Employee
2021-09-09T07:53:49.177+00:00

Using a native client app , we are calling a middler tier service which is also registered in AAD. This middle tier service internally takes dependencies on other apps. Recently added a new web resource to be accessed by the middle tier service in API permissions. Admin consent not required and user can consent all apps in User consent settings.

Consistently getting the following error -
Send an interactive authorization request for this user and resource.\r\nTrace ID: f206e1a8-7a3c-4b9d-8918-3f23e7611100\r\nCorrelation ID: 3012cab0-8e6e-452d-9a9b-ce297a5d084b\r\nTimestamp: 2021-09-09 07:28:21Z"

Also tried to consent through following code but not seeing the newly added permissions to the Middle Tier service.

AuthenticationResult authResult = authenticationContext.AcquireTokenAsync(
Audience,
NativeAppClientId,
new Uri(NativeAppRedirectUrl),
new PlatformParameters(PromptBehavior.Auto),
UserIdentifier.AnyUser,
"prompt=consent").GetAwaiter().GetResult();

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,443 questions
0 comments
Accepted answer
  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2021-09-10T23:04:53.03+00:00

    Make sure you have followed the steps to grant admin consent. You can do this under Application > API permissions > Grant admin consent.

    If your app needs user consent, you can construct a consent URL like this:

    https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}

    6 people found this answer helpful.
    0 comments

4 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kashif Sattar 11 Reputation points
    2022-06-23T07:53:50.763+00:00

    I have similar issue but it was fixed with adding required graph
    API Permissions in API Expose section and its working fine.

    You also need to care about DELEGATED and APPLICATION permissions

    214166-graphmultiple-permission.png

    2 people found this answer helpful.
    0 comments
  2. Mr. Genesis 1 Reputation point
    2022-09-14T12:24:47.823+00:00

    @Kashif Sattar I did which you said and it's working now. But not understand why hapened so, if before was function normaly without grant admin consent to outhers scopes.
    Thank you.

    0 comments
  3. Charles Hutcherson 1 Reputation point
    2022-10-07T14:09:40.257+00:00

    I have tried all the above but still get the error. Admin consent has been granted to WorldAccess but I still get the error with the following curl. Any help would be appreciated. Thanks! 

    curl --location --request POST 'https://login.microsoftonline.com/<TenantId>/oauth2/v2.0/token' \  
--header 'Content-Type: application/x-www-form-urlencoded' \  
--data-urlencode 'client_id=<clientId>' \  
--data-urlencode 'username=<username>' \  
--data-urlencode 'password=<password>' \  
--data-urlencode 'client_secret=<secret>' \  
--data-urlencode 'grant_type=password' \  
--data-urlencode 'scope=WorldAccess'

    248575-image.png

  4. ناجي الكلبي - Naji Alkalbi 0 Reputation points
    2024-03-06T13:27:23.6733333+00:00

    For me and After doing all the steps grant and permission

    The problem was solved by adding scope

    User's image