Tags: javascript, reactjs, azure, authentication, azure-active-directory

Azure AD error when fetching access token & login


I got the error when trying to get an access key for one of our APIs: "AADSTS65001: The user or administrator has not consented to use the application with ID '{GUID}'"

First, I was trying to prompt=consent during login, thinking that I had new consents that weren't prompted during login. And I got the following error. "AADSTS65005: The application '{GUID}' asked for permissions to access a resource that has been removed or is no longer available. Contact the app vendor." I removed prompt=consent and started fiddling with the permissions in Azure, and now I was stuck on the same error.

I changed everything as it was, but I still get the error. However, this only happens to my user. Everyone else can still log in without problems.

So my problem is actually in two parts:

  1. The first error when trying to get an access token for the API. Somehow I need to prompt the user with consent, but I am using adal.js which uses a silent retrieval of the keys using an invisible iframe. I want the support to be when the user logs into the web app. Is this possible?

  2. My user can't log in to our web app anymore. Everyone else can. Did anyone encounter this before?

The product is a SPA Web App written in React, and we use adal.js (adal-vanilla) as a library for authentication to Azure AD.

Update: I finally got some stuff working. Not all the way, but at least it's a start.

  1. The problem with this is that users registered on other tenants (this is a multi-tenant app) don't get consent to use the API. These users get the error. However, I registered a user on the same tenant, and everything worked as intended.
  2. Problem two was solved by removing all the permissions, adding them one by one, and testing in between. Somehow this worked after two-three tries.

The problem is that users from other tenants don't get a consent prompt to access the API.


Solution

  • Somehow the issue got fixed. I'm not 100% sure how or why but here are the steps I performed to fix it if someone finds themselves in a similar situation:

    1. Ensure that all permissions are correct (APIs are added as delegated permissions to the client)

    2. All services (web app & apis) are multi-tenant

    3. Update manifest with:

      "availableToOtherTenants": true,
      "knownClientApplications": [
        "{client app application id}"
      ],
      

    (availableToOtherTenants was false for the API even though it was marked as multi-tenant in the settings)
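The two halves of the thread (question part 1, silent token retrieval through adal.js's hidden iframe that can never show a consent screen, and the answer's manifest changes) are illustrated below in an added example that is not code from the original post or from adal.js. It assumes an adal.js-style `AuthenticationContext` exposing `acquireToken(resource, callback)` and `acquireTokenRedirect(resource)` (the object is injected so the logic can be exercised without a browser), and a constructed manifest fragment; the client application id is a placeholder.

```javascript
// Added example (not from the original post or adal.js). Helper logic for a
// multi-tenant SPA: classify the error handed back by adal.js's silent
// acquireToken, fall back to a top-level redirect when consent is required,
// and sanity-check the API app registration manifest.

// Constructed adal.js-style config for a multi-tenant app: "common" lets
// users from any tenant sign in; the client id is a placeholder.
const adalConfig = {
  tenant: "common",
  clientId: "CLIENT-APP-ID-PLACEHOLDER",
  redirectUri: "https://app.example.test/",
  cacheLocation: "localStorage",
};

// Error codes quoted in the thread plus the generic "interaction required"
// family that adal.js surfaces when the hidden iframe cannot finish silently.
const INTERACTIVE_CODES = ["AADSTS65001", "interaction_required", "consent_required", "login_required"];
// AADSTS65005: the requested resource is gone or misconfigured; retrying or
// prompting the user will not help, the app registration has to be fixed.
const MISCONFIG_CODES = ["AADSTS65005"];

// Classify the (errorDesc, error) pair adal.js passes to the acquireToken
// callback. Returns "none", "interactive", "misconfigured" or "other".
function classifyAdalError(errorDesc, error) {
  const text = [errorDesc, error].filter(Boolean).map(String).join(" ");
  if (!text) return "none";
  if (MISCONFIG_CODES.some((c) => text.includes(c))) return "misconfigured";
  if (INTERACTIVE_CODES.some((c) => text.includes(c))) return "interactive";
  return "other";
}

// Silent-first token acquisition with an interactive fallback.
// authContext is assumed to behave like adal.js's AuthenticationContext:
//   acquireToken(resource, (errorDesc, token, error) => ...)  hidden iframe
//   acquireTokenRedirect(resource)                            full-page redirect
// done(err, result) is called with { token, via: "silent" | "redirect" }.
function acquireApiToken(authContext, resource, done) {
  authContext.acquireToken(resource, (errorDesc, token, error) => {
    const kind = classifyAdalError(errorDesc, error);
    if (kind === "none") return done(null, { token, via: "silent" });
    if (kind === "interactive") {
      // The iframe cannot show a consent page, so send the user through a
      // top-level redirect; in a real browser this navigates away.
      authContext.acquireTokenRedirect(resource);
      return done(null, { token: null, via: "redirect" });
    }
    return done(new Error(`${kind}: ${errorDesc || error}`));
  });
}

// Check the API registration manifest for the two settings the answer ended
// up changing. Returns a list of problems; an empty list means it looks fine.
function checkApiManifest(manifest, clientAppId) {
  const problems = [];
  if (manifest.availableToOtherTenants !== true) {
    problems.push("availableToOtherTenants must be true for a multi-tenant API");
  }
  const known = Array.isArray(manifest.knownClientApplications)
    ? manifest.knownClientApplications
    : [];
  if (!known.includes(clientAppId)) {
    problems.push(`knownClientApplications must list the client app id ${clientAppId}`);
  }
  return problems;
}

// Constructed manifest fragment in the shape the answer shows.
const sampleApiManifest = {
  availableToOtherTenants: false,
  knownClientApplications: [],
};
// checkApiManifest(sampleApiManifest, adalConfig.clientId) reports two problems.
```

In the SPA the real `AuthenticationContext` from adal-vanilla is passed as `authContext`; `handleWindowCallback()` still has to run on page load so the token returned by the redirect is picked up. Listing the client app in the API's `knownClientApplications` is what lets a single consent prompt at login cover both the web app and the API, which is the behaviour the question asks for.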