问题描述

我们正在做

有什么问题?

管理员必须同意这些权限.您应该向 Azure AD 发出包含参数 prompt=admin_consent 的授权请求.

如文档

We're doing this CRM Web API project. The project logs-into Dynamics CRM online instance and gets the list of accounts.

The login seems to be happening fine.However, the accounts listing is giving the below error:

The permissions are properly set:

What is the problem?

An admin must consent to the permissions. You should make an authorization request to Azure AD that includes the parameter prompt=admin_consent.

As in the documentation here, the prompt parameter can have 3 values: login, consent, or admin_consent.

So, you should go to a URL such as https://login.microsoftonline.com/tenant-id/oauth2/authorize?client_id=app-client-id&redirect_uri=encoded-reply-url&response_type=code&prompt=admin_consent.

Replace tenant-id with your Azure AD tenant id/domain name, or common if your app is multi-tenant. Replace app-client-id with your app's client id. Replace encoded-reply-url with a URL-encoded reply URL of your app.

An easier way of constructing the URL you need is to go through authentication and just grab the URL in the address bar when you hit Azure AD. Then just add &prompt=admin_consent to the URL.

EDIT: With the newest update to the Azure Portal came the ability to grant permissions from the portal directly.

If you go to Azure Active Directory in the new portal, find your app registration there and click Grant Permissions under the Required permissions blade.

这篇关于用户或管理员未同意使用该应用程序 - 为此用户和资源发送交互式授权请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！