Issue
Trying to get an access token for Azure SQL Database using scope windows.database.net/user_impersonation.
I am sending the request to https://login.microsoftonline.com/{tenant_name}/oauth2/v2.0/token
The request is working successfully when the scope is storage.azure.com/user_impersonation. I think this is because I have granted access to this scope in the API permissions for my application. However, when requesting the scope 'https://database.windows.net/user_impersonation' the response is: AADSTS65001: The user or administrator has not consented to use the application with ID
Except I cannot find this permission in the API permissions section for my application in the Azure portal. How do I grant access?
Solution
Thank you @Gaurav Mantri for your valuable suggestion. Posting your suggestion as an answer to help other community members.
AADSTS65001: The user or administrator has not consented to use the application with ID
This error usually occurs if you don’t have valid API permissions at scope level. If you are trying to get access token for Azure SQL Database, you must enable API permissions of scope: windows.database.net/user_impersonation.
To find those permissions, follow below steps:
Go to Azure Portal -> Azure AD -> App Registrations -> Your Application -> API Permissions
If you don’t find Azure SQL Database in those APIs, you must expose that API.
After adding that permission, you can avoid that error and can get access token.
If you cannot find those API permissions, instead of searching ‘SQL’ try “Azure SQL” as Azure Portal supports only Begins With filter!
For more in detail, please refer below links:
https://blog.hompus.nl/2017/03/25/missing-azure-apis-when-adding-permissions-to-an-azure-ad-app/
Answered By - RukminiMr-MT Answer Checked By - Robin (PHPFixing Admin)
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.