AADSTS90008: The user or administrator has not consented to use the application with ID

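I am trying to log in to an external tenant here. I have added the following permissions to my application.

But I am getting the error below, even though I have already given consent.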

AADSTS90008: The user or administrator has not consented to use the application with ID '268a9999-0000-4e61-99f5-020000f777b2'(test.app.test). This happened because application is misconfigured: it must require access to Microsoft Graph by specifying at least 'Sign in and read user profile' permission.\r\nTrace ID: bf014111-2e3f-4c11-1115e-de2fb6951800\r\nCorrelation ID: e0003455-0000-0000-ae4c-2264f23f5747\r\nTimestamp: 2021-12-10 09:24:34Z

My Azure AzureAD version is v1.

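Here are some workarounds to resolve the above issue:

  • If you have granted all the permissions, make sure you have also granted permission for Microsoft Graph to access your application data, either for yourself (which you can do yourself if the Azure Active Directory settings allow it and the application only requires delegated permissions that work without administrator consent) or for all users (which requires an administrator to grant the permissions).

  • If your application is on another tenant, you can grant admin consent for Microsoft Graph to your tenant as suggested by @amanpreetsingh-msft here.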

Admin Consent via Azure Portal can only be provided for the tenant where the application is registered in the first place. Users or Administrators of other tenants cannot consent via Azure Portal and it has to be done,

  1. Either when a user/administrator accesses the multi-tenant application for the first time.
  2. Or by constructing the Admin Consent URL and sharing it with the Administrators of the other tenants.

Below is an example of the Admin Consent URL:

    https://login.microsoftonline.com/organizations/v2.0/adminconsent
    ?client_id=6731de76-14a6-49ae-97bc-6eba6914391e
    &scope=https://graph.microsoft.com/Calendars.Read https://graph.microsoft.com/Mail.Send
    &redirect_uri=http://localhost/myapp/permissions
    &state=12345

For more information, refer to the following links:
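The admin consent URL above, built with proper URL encoding and an unpredictable state value, plus a check of the redirect that comes back. This is an added example, not code from the original question or answer; the function names are hypothetical, the tenant ID in the demo is a constructed placeholder, and the response parameters (admin_consent, tenant, error, error_description) are the ones the Microsoft identity platform documents for this endpoint.

```python
import secrets
from urllib.parse import urlencode, quote, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com"


def build_admin_consent_url(client_id, scopes, redirect_uri,
                            tenant="organizations", state=None):
    """Return (url, state) for the v2.0 admin consent endpoint."""
    # A random state ties the later redirect to this request (CSRF protection).
    state = state or secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id,
        "scope": " ".join(scopes),      # space-separated, encoded as %20
        "redirect_uri": redirect_uri,
        "state": state,
    }, quote_via=quote)
    return f"{AUTHORITY}/{tenant}/v2.0/adminconsent?{query}", state


def check_consent_response(callback_url, expected_state):
    """Validate the redirect received after the administrator decides.

    Returns the ID of the tenant that granted consent, or raises ValueError.
    """
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    got = params.get("state", "")
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not match this request")
    if "error" in params:
        detail = params.get("error_description", "")
        raise ValueError(f"consent failed: {params['error']}: {detail}")
    if params.get("admin_consent") != "True" or "tenant" not in params:
        raise ValueError("admin consent was not granted")
    return params["tenant"]


if __name__ == "__main__":
    url, state = build_admin_consent_url(
        "6731de76-14a6-49ae-97bc-6eba6914391e",   # client_id from the example above
        ["https://graph.microsoft.com/Calendars.Read",
         "https://graph.microsoft.com/Mail.Send"],
        "http://localhost/myapp/permissions",
    )
    print(url)
    # Constructed sample redirect; the tenant ID is a placeholder.
    sample = ("http://localhost/myapp/permissions?admin_consent=True"
              f"&tenant=00000000-0000-0000-0000-000000000000&state={state}")
    print(check_consent_response(sample, state))
```

The redirect_uri passed here must match one registered on the application, and the state value should be kept server-side until the redirect arrives.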