Cannot grant organization consent for my application

Seth Hallem 6 Reputation points
2020-01-13T19:21:54.597+00:00

Hello,

I am developing an application that requires organizational consent. Prior to a few days ago, the consent flow was working but my app was configured to accept consent from my tenant only.

Now, I want to roll out this product to other organizations. I changed the Azure setting to allow consent from all tenants. Unfortunately, the consent flow no longer works. I reach the consent page, but upon "Accept"ing the required permissions, I enter a loop. Each time I hit "Accept", I return to the consent page.

Has anyone else seen this issue. Any advice as to how to resolve it?

Regards,

Seth

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,189 questions
{count} vote

2 answers

Sort by: Most helpful
  1. Seth Hallem 6 Reputation points
    2020-01-14T00:39:11.837+00:00

    Frank,

    I initiate my OAuth flow with this URL:

    https://login.microsoftonline.com/common/oauth2/authorize?state=&response_type=code+id_token&scope=openid&client_id=&redirect_uri=https%3A%2F%2Flocalhost%3A8082%2Flink%2FoauthorgO365.xhtml&resource=https%3A%2F%2Foutlook.office365.com&prompt=admin_consent&response_mode=form_post&nonce=

    I placed the consent page in the Chrome debugger, and the attached screen shot is an outline of what I get. The POST to /Set returns a 200, not a 302, and I am back where I started. This did not happen as recently as a few days ago.

    0 comments No comments

  2. alex 106 Reputation points
    2020-01-14T21:47:54.017+00:00

    Try adding delegated permissions for every application permission. They shouldn't really be needed for admin consent for a web app and even if they were, it should fail with an error and not a loop. But that's what fixed it for us.

    0 comments No comments