OAUTH : User consent screen not showing up

Deepa Jain 1 Reputation point
2022-05-03T23:06:50.417+00:00

I have an application registered in the Microsoft Azure portal. I haven't granted admin consent to my application, but I still don't see the user consent screen when the user signs in. I am using prompt=select_account.

Here are the API permissions for my app:

198646-screen-shot-2022-05-02-at-25028-pm.png

Can someone please help? I am trying to get the consent screen every time the user logs in, and I also want the user to be able to select an account or log in with an email during authentication.


1 answer

  1. 2022-05-04T03:49:00.367+00:00

    Hello @Deepa Jain, since all permissions are delegated, you should get the user (not admin) consent screen the first time the user signs in. If that does not happen, or if you need to re-consent, then try using prompt=consent. If that does not work, try removing the granted delegated permissions using PowerShell and sign in one more time.

       # Login using a Global Admin  
       Connect-AzureAD  
         
       # Get Service Principal using objectId  
       $sp = Get-AzureADServicePrincipal -ObjectId "<APPLICATION SERVICE PRINCIPAL OBJECT ID>"  
         
       # Get all delegated permissions for the service principal  
       $spOAuth2PermissionsGrants = Get-AzureADOAuth2PermissionGrant -All $true| Where-Object { $_.clientId -eq $sp.ObjectId -and $_.PrincipalId -eq "<USER OBJECT ID>"}  
         
       # Remove all delegated permissions  
       $spOAuth2PermissionsGrants | ForEach-Object {  
           Remove-AzureADOAuth2PermissionGrant -ObjectId $_.ObjectId  
       }  
    

    Please let us know how it goes.
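
Why removing the grants brings the screen back, as an added example that is not part of the original answer: by default a user is prompted only when no existing delegated grant (the user's own, or a tenant-wide one from admin consent) already covers the requested scopes, while prompt=consent asks for the screen regardless. The function name `Test-ConsentPromptExpected`, the GUIDs and the sample grant are constructed, and the property names are assumed to match the objects returned by `Get-AzureADOAuth2PermissionGrant`.

```powershell
# Added example. Function name, GUIDs and sample grants are constructed.
function Test-ConsentPromptExpected {
    param(
        # Objects shaped like Get-AzureADOAuth2PermissionGrant output
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Grants,
        [Parameter(Mandatory)] [string]   $ClientSpObjectId,    # the app's service principal
        [Parameter(Mandatory)] [string]   $ResourceSpObjectId,  # the API's service principal
        [Parameter(Mandatory)] [string]   $UserObjectId,
        [Parameter(Mandatory)] [string[]] $RequestedScopes
    )
    # A grant applies if it is tenant-wide (AllPrincipals, i.e. admin consent)
    # or was given by this specific user (Principal).
    $applicable = @($Grants | Where-Object {
        $_.ClientId -eq $ClientSpObjectId -and
        $_.ResourceId -eq $ResourceSpObjectId -and
        ($_.ConsentType -eq 'AllPrincipals' -or
         ($_.ConsentType -eq 'Principal' -and $_.PrincipalId -eq $UserObjectId))
    })
    # Scope is one space-separated string per grant; flatten to a list.
    $granted = @($applicable | ForEach-Object { $_.Scope -split '\s+' } | Where-Object { $_ })
    $missing = @($RequestedScopes | Where-Object { $_ -notin $granted })
    $sources = @($applicable | ForEach-Object { $_.ConsentType } | Select-Object -Unique)
    [pscustomobject]@{
        PromptExpected = ($missing.Count -gt 0)
        MissingScopes  = ($missing -join ' ')
        CoveredBy      = ($sources -join ',')
    }
}

# Constructed sample data (placeholder GUIDs, not from a real tenant).
$app   = '11111111-1111-1111-1111-111111111111'
$graph = '22222222-2222-2222-2222-222222222222'
$userA = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
$userB = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'
$grants = @(
    [pscustomobject]@{ ClientId = $app; ResourceId = $graph; ConsentType = 'Principal'
                       PrincipalId = $userA; Scope = 'openid profile User.Read' }
)
$common = @{ Grants = $grants; ClientSpObjectId = $app; ResourceSpObjectId = $graph }

# Three cases: user A consented earlier, user B never did,
# and user A requesting a scope beyond the existing grant.
Test-ConsentPromptExpected @common -UserObjectId $userA -RequestedScopes 'openid','User.Read'
Test-ConsentPromptExpected @common -UserObjectId $userB -RequestedScopes 'openid','User.Read'
Test-ConsentPromptExpected @common -UserObjectId $userA -RequestedScopes 'User.Read','Mail.Read'
```

Against a live tenant, the `-Grants` input would be the output of `Get-AzureADOAuth2PermissionGrant -All $true`; a `CoveredBy` value of `AllPrincipals` indicates a tenant-wide grant that the per-user removal in the answer does not touch.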