问题
I have a web application that used Azure AD authentication and accesses graph.microsoft.com. We currently do the required application registration in Azure Management Portal, but we want to move to the new App Model V2 with application registration in apps.dev.microsoft.com. This allows us to use scopes that are defined in the application instead of resources defined in the Azure Portal.
However, with exiting App Model, we can define admin-consent so that the admin can give consent to all users. This does not work with App Model V2 and we get the error message:
AADSTS90100: Invalid request. The prompt request parameter value 'admin_consent' is invalid.
How can we use admin consent with app model v2?
回答1:
It is not yet possible to use admin_consent with App Model V2. You need to use the App Model V1 (registration your app in Azure Portal)
Sander
回答2:
Found the answer here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes
The 'admin consent endpoint' has replaced the use of 'admin consent parameter'.
The most basic version is of the url is: https://login.microsoftonline.com/common/adminconsent?client_id=
Tested and working on v2.
来源:https://stackoverflow.com/questions/38123042/admin-consent-not-working-with-app-model-v2