OAUTH : User consent screen not showing up

Deepa Jain 1

I have a application registered in Microsoft Azure portal. I haven't Granted admin consent to my application but still don't see user consent screen when user sign's in. I am using prompt=select_account.

here are the API permissions for my app :

Can someone please help : I am trying to get consent screen everytime user logs in and also want the ability for user to be able to select account or login with an email during authentication.

1 answer

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,461 Reputation points

2022-05-04T03:49:00.367+00:00
Hello @Deepa Jain , since all permissions are delegated, you should get the user (not admin) consent screen the first time the user signs in. If that does not happen or if you need to re-consent then try using prompt=consent. If that does not work try removing the granted delegated permissions using Powershell and sign in one more time.

# Login using a Global Admin Connect-AzureAD # Get Service Principal using objectId $sp = Get-AzureADServicePrincipal -ObjectId "<APPLICATION SERVICE PRINCIPAL OBJECT ID>" # Get all delegated permissions for the service principal $spOAuth2PermissionsGrants = Get-AzureADOAuth2PermissionGrant -All $true| Where-Object { $_.clientId -eq $sp.ObjectId -and $_.PrincipalId -eq "<USER OBJECT ID>"} # Remove all delegated permissions $spOAuth2PermissionsGrants | ForEach-Object { Remove-AzureADOAuth2PermissionGrant -ObjectId $_.ObjectId }

Please let us know how it goes.
Please sign in to rate this answer.
Deepa Jain 1 Reputation point

2022-05-04T18:20:28.057+00:00

@Alfredo Revilla - Upwork Top Talent | IAM SWE SWA : thank you for getting back.. With prompt=consent I am getting consent screen but I also would like the user to be able to select account or be able to enter email address of the account user wants to sign in with .Is there a way I can achieve that ?

Also, with prompt=select_account or prompt=login it works intermittently. The consent screen doesn't show up.

What do u mean by "removing the granted delegated permissions " . How can I check that ?

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,461 Reputation points

2022-05-04T23:02:49.01+00:00

Hi @Deepa Jain , prompt=consent should display the list of users available for signin thus making prompt=select_account unnecesary. My understanding is that you don'get that aformentioned experience?

Let's focus first on the login experience to see if we need to go back to removing the delegated permissions.

Deepa Jain 1 Reputation point

2022-05-04T23:20:00.237+00:00

@Alfredo Revilla - Upwork Top Talent | IAM SWE SWA : I am sorry I don't understand what you mean by removing the delegated permissions ? As mentioned above all the permissions are delegated and thus need user approval. With prompt= consent , I am able to achieve that. User is ask to consent everytime on login.

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,461 Reputation points

2022-05-06T00:45:22.93+00:00

Hi @Deepa Jain . To remove the consents was part of a suggested workaround made under the understanding you were not being able to consent them. But ok, since you said consents actually work my question now is is the list of accounts is displayed during such flow? Or if its something still missing?

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,461 Reputation points

2022-06-03T00:07:00.75+00:00

Hello @Deepa Jain , do you still need help for this issue?
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

OAUTH : User consent screen not showing up

1 answer

Your answer