13,734 questions
Hi @Enes OZDEMIR (ADEO) ,
I think there is a time limit of 15 min for sign in before it expires, as mentioned in the Document
Microsoft Graph authorization_pending error
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 36%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEO%3C/text%3E%3C/svg%3E)
Enes OZDEMIR (ADEO)
1
Reputation point
Hi everybody, I am trying to set up an integration that uses Graph API through device code flow. I am totally new to this so here is what I have done. I requested admin consent for the application after logging in on microsoft. Our admin approved the request so I got an email saying that Admin consent granted. When I go back to the integration I am getting authorization_pending error. After a while token expires and I have to start all over again (including requesting approval).
I checked the microsoft documentation and it says
authorization_pending The user hasn't finished authenticating, but hasn't canceled the flow. Repeat the request after at least interval seconds.
I don't understand do I need to keep requesting admin consent? what am I supposed to do?
Microsoft Security | Microsoft Graph
3 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 7.000000000000001%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Mehtab Siddique (MINDTREE LIMITED) 971 Reputation points2022-05-27T13:24:16.193+00:00 -
Enes OZDEMIR (ADEO) 1 Reputation point
2022-05-27T13:30:19.097+00:00 But I am already logged in. So does it mean I have to log out and sign in only when requesting approval?
-
Mehtab Siddique (MINDTREE LIMITED) 971 Reputation points
2022-05-27T13:37:36.117+00:00 Yes I think according to the document, as its mentioned "only make this request when the user has indicated they're ready to sign in" it only works when the user is ready for sign-in.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 23%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
Jorge de Almeida Pinto [MVP] 96 Reputation points MVP2024-03-07T22:23:23.1066667+00:00 In this case I THINK, the "authorization_pending error" means the app used to sign in has not been confirmed/verified. The verification when using device code is done when receving the pgid "CmsiInterrupt". You then have to target the url in the urlpost (https://login.microsoftonline.com/appverify) with a body:
$requestBody = @{ "canary" = <canary value> "ContinueAuth" = $true "ctx" = <ctx value> "flowToken" = <flowtoken value> "hpgrequestid" = <sessionId value> }after POSTing that, the app is verified.
In the GUI that's the moment when pressing YES confirming the app when manually going through the device code flow