AADSTS65001: The user or administrator has not consented to use the application with ID <app-id>
I'm developing an Angular + Flask application that uses Microsoft's OAuth2 (On-Behalf-Of-User Flow). I'm trying to call an API from the backend, but I get an exception.
Here is the configuration in app.module.ts:
export function MSALInstanceFactory(): IPublicClientApplication {
return new PublicClientApplication({
auth: {
clientId: '<application_id_of_spa>',
authority: 'https://login.microsoftonline.com/organizations',
redirectUri: 'http://localhost:4200/'
},
cache: {
cacheLocation: BrowserCacheLocation.LocalStorage,
storeAuthStateInCookie: isIE,
},
system: {
loggerOptions: {
loggerCallback,
logLevel: LogLevel.Info,
piiLoggingEnabled: false
}
}
});
}
export function MSALInterceptorConfigFactory(): MsalInterceptorConfiguration {
const protectedResourceMap = new Map<string, Array<string>>();
protectedResourceMap.set('https://graph.microsoft.com/v1.0/me', ['user.read']);
protectedResourceMap.set('https://api.powerbi.com/v1.0/myorg/', ['https://analysis.windows.net/powerbi/api/.default']);
protectedResourceMap.set('http://localhost:5000/api/v1.0/get_workspaces',['api://<application_id_of_webapi>/.default'])
return {
interactionType: InteractionType.Popup,
protectedResourceMap
};
}
export function MSALGuardConfigFactory(): MsalGuardConfiguration {
return {
interactionType: InteractionType.Popup,
authRequest: {
scopes: ['api://<application_id_of_webapi>/.default'],
},
};
}
Then I used acquireTokenPopup msal function to get an access token.
And then I call my backend API like this:
this.http.get('http://localhost:5000/api/v1.0/get_workspaces')
My Flask web API:
@app.route('/api/v1.0/get_workspaces', methods=['GET'])
def get():
current_access_token = request.headers.get("Authorization", None)
msal_client = msal.ConfidentialClientApplication(
client_id=app.config['CLIENT_ID'],
authority=app.config['AUTHORITY'],
client_credential=app.config['CLIENT_SECRET'])
# acquire token on behalf of the user that called this API
arm_resource_access_token = msal_client.acquire_token_on_behalf_of(
user_assertion=current_access_token.split(' ')[1],
scopes=app.config['SCOPE']
)
print( arm_resource_access_token) /////////////////// ******* I'm getting the error here
headers = {
'Authorization': arm_resource_access_token['token_type'] + ' ' + arm_resource_access_token['access_token']}
workspaces= requests.get(app.config['ENDPOINT'] + 'workspaces', headers = headers).json()
print(workspaces)
return jsonify(workspaces)
In my angular console, I'm getting this:
In my Flask terminal I'm getting this:
AADSTS65001: The user or administrator has not consented to use the application with ID <webapi_ app_id>.
In Azure portal, I registered both spa and web API:
I exposed the API on my backend, and added it in my frontend registration.
And I add my spa app_id on the Authorized client applications.
AADSTS65001: The user or administrator has not consented to use the application
This error usually occurs when you missed granting admin consent to the added scope while retrieving access token.
To resolve the error, please check whether you exposed the API like below:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App -> Expose an API
After exposing the API, make sure to grant API permissions for it like below:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App -> API permissions -> Add a permission -> My APIs -> Your API
After adding API permissions, make sure to grant admin consent if it is required.
As you are trying to get access token, please check whether you enabled the below options:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App -> Authentication
Please check the below links if error still persists:
UPDATE:
As mentioned by you in the comment, make sure to add your client application to known client applications list
- angular 19 - APP_INITIALIZER deprecation
- Accessing an Angular application from devices from same network
- Angular - Issue with routerLink and state
- HTTP GET throws TypeError: Cannot read properties of undefined (reading 'length')
- how to change angular stepper progress color when next step active
- How to set providers in Angular v19 SSR?
- @Output in child component is undefined when trying to emit Angular v17
- Why does instanceof Observable return false in my tests?
- Scrolling disappeared in angular ionic
- Unable to make text bold in SVG
- Consuming multiple properties via @Input() decorator in Angular 2
- How to add a number by pressing the button
- NgIf and zero: Why is the template not being rendered?
- Angular computed signal in component does not update when service signal changes
- How to set CKEditor 5 height
- The callback was already called for LoaderRunner due to bootstrap version ^3.4.1
- HttpContextToken always false while using HttpInterceptorFn
- Why does the navbar not take the theme I am trying to assign
- 'imports' is only valid on a component that is standalone
- NX Unable to complete project graph creation. Worker stopped with exit code: 1
- Angular update 8 to 14 makes [hidden] not working anymore
- Angular 17 - In @if syntax, how to store returned value from a function in a variable and use it in the same @if block
- Angular 18 MatDialog panelClass styles not applying after upgrade from Angular 14
- Angular: ng-content doesn't render with *ngIf then else
- How to change Background Color of mat-chip of Angular Material 18
- How to exclude a library from Angular's cache?
- find function isn't working properly in angular and firebase
- How to get rid of "Imports array contains unused imports(-998113)"
- How can I show elements from an array
- How can I conditionally disable the routerLink attribute?