3

Since 18th of May 2018 the button to grant permissions button in Azure (used as admin to give permission to application roles for all users) stopped working.

  • I am global administrator on the AD
  • It worked before

AAD error details: "Failed to grant permissions for application [application name]"

Error json:

{"errorCode":"Request_BadRequest","localizedErrorDetails":{"errorDetail":"Consent validation failed: "},"operationResults":null,"timeStampUtc":"2018-05-28T17:56:43.765787Z","clientRequestId":"1c1cad98-7731-45bf-8d78-8465ffdf902f","internalTransactionId":"42926dde-51de-451c-aae8-a186167197e8","upn":"f.dd@dd.be","tenantId":"f0000d-9eb0-473e-9646-ceggf5d47c69d","userObjectId":null}

I have no idea what has been changed since that day. Steps to reproduce:

  • In App registrations under Azure active directory
  • Modify the manifest and add a new application role to the API app
  • Give permission to a client app for that application role
  • Click "grant permission" in the upper right corner
MichaelK
  • 373
  • 2
  • 7
  • What permission do you grant ? Is this API or product license has been expired? – Wayne Yang May 29 '18 at 01:13
  • @WayneYang-MSFT Azure AD cannot be expired i think. The permissions a want to grant are "Application permissions" specified in the Manifest of the registered app in Approles in Azure. The granting worked before but stopped suddenly. I can't remember i changed something in the portal. – MichaelK May 29 '18 at 06:16
  • I mean that the the required permissions API,just like Microsoft Graph , not AAD. For example. If you have Sharepoint Online license.You can use Office 365 Sharepoint online API and add this as required permissions. What kind of API are you using. – Wayne Yang May 29 '18 at 06:28
  • @WayneYang-MSFT a custom made api of my own. In a first registered app the application permissions are set. In a second registered app i can select these permissions. After that you need to grant permissions for all users. It is this final step which is not working anymore. – MichaelK May 29 '18 at 06:43
  • Hi @mike, That makes sense. I assume that it may casued by your Server Web API. Have you checked if it runs well? – Wayne Yang May 29 '18 at 07:49
  • @WayneYang-MSFT it runs fine without issues. I don't think the "grant permission" button is related to the running web application. It grants permissions in azure. – MichaelK May 29 '18 at 08:24

1 Answers1

3

In Azure Active Directory, Go to App Registrations, select the app where you want to add the rights to, go to Settings, Required Permissions and select the API which is giving you grief and delete it.

After that, add it again, and it should work now.

Jani
  • 148
  • 5
  • To add a note... delete ALL APIs then re add them all back. An existing one was giving me grief to a new API i could not grant. – felickz Apr 17 '19 at 05:15