OAuth2 with Azure AD - Not getting user consent

Question

I am trying to get the OAuth2 workflow to perform correctly for Azure AD. I am following the directions from this source: https://msdn.microsoft.com/en-us/library/azure/dn64

Answer 1

Try giving resource as 'https://graph.windows.net' in the post request.

It worked for me.

Answer 2

The problem you are running in to is that the tenant you are using to access your app has not added your application to the list of applications that are supported. It's telling you to use the interactive flow as an administrator.

Consent is a two step process:

1) First, the administrator of the tenant must approve the app. This can be done either 1) in the Azure portal of the tenant wishing to use the app or 2) by launching the app and using admin credentials against the app when you sign in.

Example of the Azure portal approval:

_{(source: azurecomcdn.net)}

2) Second, any additional user (non-admin) will be promoted to consent for their individual information when using the app for the first time after the admin has consented that the app can be used.

Answer 3

Make sure your Azure AD settings allow adding such apps. There are couple of properties under Azure AD Application > Manage > User settings that affect how the app is registered. Someone in your organization may have turned app registration off altogether, or limited the options severely. You could check these settings out. There are couple of solutions available here for this question.