@Edward Koval I got the error post login when trying the OIDC example for ADAL https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect/tree/master

Any idea where I can change the permissions for my app.

@anotherrohit The repo has been archived and that is for Graph API, which may be different from Graph Security API. You can also check out our Graph Security API's Quickstart samples that have authentication examples in C#, Python, Nodejs.  Let us know if you still run into the issue.

Hi Ediward, 

I recently implemented MS OAuth into the login system of my application.

The thing is when my server sends a request to https://graph.microsoft.com/v1.0/me with an access_token, it throws 403: Forbidden error.
What I have figured out so far is that the access token is valid as I checked in www.jwt.ms and it seems that the error is thrown only when a user's account is a school associated Microsoft account. (I myself tried logging in through my school account and it failed but other personal accounts worked just fine)

I would appreciate your insights regard this issue

@Edward Koval 

Hey @sssaang I figured this out. The reason why you're getting a 403 is that the organization (your school) has not granted consent to your application. So there are likely 3 MSFT Graph APIs that required administrator consent: Sign users in, View user' basic profile, and maintain access to your data. My guess is that they're all delegated to the admin role to consent.

So likely you need to open up a ticket with whoever manages that Azure AD/Office 365 account and ask them to "Grant Admin Consent for <YOUR_APP> to everyone.

TL;DR there's nothing wrong with your app, it's the school/org that needs to allow it.

I hope this helps.