Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

AADSTS65001: The user or administrator has not consented to use the application with ID

Copper Contributor

Trying to create a simple SPA and call a Rest API in Azure, and I am getting InteractionRequiredAuthError: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxx' named 'MySpaApp'. Send an interactive authorization request for this user and resource.

 

Did the following:

 

  • Registered the REST Api application
  • Added permission for MyRestApi.Tasks.Get, its status is Granted for my users
  • Added a scope for Tasks.Get
  • Added a client application using the SPA application's Client Id

 

  • Registered the SPA application
  • URI is http://localhost
  • Implicit grant and hybrid flows:
  • --Access tokens checked
  • --ID tokens checked
  • --Supported account types: any organizational directory
  • --API Permissions, added MyRestApi.Tasks.Get

 

  • In Enterprise Applications, MySpaApp, clicked Grant Admin Consent for my users

 

  • Went back to MySpaApp, and verified that Tasks.Get has been granted

 

  • From MySpaApp, if I call msal.acquireTokenSilent with "Tasks.Get" for scope, I get: The user or administrator has not consented to use the application with ID 'xxx' named 'MySpApp'. Send an interactive authorization request for this user and resource.

 

  • If I call call msal.acquireTokenSilent with "User.Read" for scope, I get back a token.

Any further ideas on troubleshooting?

1 Reply

This is resolved. In the msal request, for client id, I used the app id for the Rest Api, rather than the app id for the SPA.