Providing Admin Consent To Azure Registered Application

 

It has been a few weeks since I drafted anything. So, all this time, I was busy learning new things, including Dynamics 365, Graph API, MS Teams, some of the Azure services, and much more. Basically, this entire tenure was full of ups and downs where some things went very smooth and some things took many hours to get sorted.

 

But now, I am back with so much on my plate and of course, my next few posts would be majorly on troubleshooting part and how-tos. Maybe there will be similar solutions that you can find on the internet, but I would still love to add it to my own blog with my own findings for personal future reference.

 

With all this in mind, let's get started with our first troubleshooting scenario.

 

 

The requirement was about adding a new Task in Planner, which is part of Office 365. Now for any adding Task, we have to traverse through Groups, then Bucket, and then inside any defined Bucket we can create a Task. In order to perform all these, authentication and token generation parts have to be in place because using JWT tokens only we are going to interact with our application, which is registered via App Registrations under the Azure portal. Here is the snapshot of how API permissions look like after registration of app:

 

 

Now with everything in place, when I tried to launch my application from Visual Studio, I got the below error:

 

 

This means that in order to access the registered application, few consents are required. Now how can we provide this consent and what is this consent required for?

 

 

If you will closely, you can see the first screenshot has API permissions. You will notice that for performing the Read and WriteAll operations under Microsoft Graph, Admin consent is required, but it is not granted (Just to brief you on these Read/WriteAll, these are required in order to perform any operations under Planner).

 

So, how do you provide this consent and who will provide this?

 

 

Well, this consent would be provided by the admin of the application by simply hitting an URL in his browser. This URL would contain TenantId as well as ClientId as follows:

https://login.microsoftonline.com/<TenantId>/adminconsent?client_id=<ClientId>

 

So, as soon as proper URL is entered into the browser, the below dialog will pop up:

 

 

As soon as Admin clicks on the Accept button, all the consents would be granted and this can be verified by going back to API permissions page on the Azure portal as shown below.

 

 

Happy troubleshooting!