问题
I am building a SaaS app that will be authenticating users using Azure AD. Let's say I am asking for just 1 delegated permission from user during consent prompt and user accepts it.
Later on my app evolves and need to get more delegated permissions. In that case how do I re-prompt the user with the consent page? I would like do this only once when the permissions are changing.
Do I need to track in my app what permissions each user has consented to and then determine to add the prompt=admin_consent query parameter while redirecting to the auth page?
回答1:
The prompt=admin_consent is used when an administrator needs to provide consent for their organization. If you just require the users’s consent, you use prompt=consent.
Another way is that you can redirect to the login page to add the prompt parameter to re-consent when the app get the exception because the lack of permission to call the new API.
You could also consider use the V2.0 endpoint which support the incremental and dynamic consent.
Here is the document about Azure AD V2.0 endpoint for your reference.
来源:https://stackoverflow.com/questions/39582510/azure-ad-prompt-user-admin-to-re-consent-after-changing-application-permissions