I have a multi-tenant application on AAD App which requests access to Mail, Calendar and Contacts. The app works successfully for a large number of clients apart from 1.

Any users from this particular client who go through the authorisation flow fail with the following error message:

AADSTS65005: Application 'CLIENT_ID' is requesting permissions that are either invalid or out of date.

I have checked the list of permissions and nothing has changed on the app configuration, so I am at a loss as to why this only happens on this one client.

Yannick Huber
  • Make sure that the client has adequate claims assigned to it, be it groups or whatever you use as claims. You can use Azure Active Directory to figure out the differences – Toan Nguyen Jul 30 '18 at 12:04
  • @ToanNguyen - please bear with me - in order to figure out the differences would I need access to the client's Azure Active Directory and where would I check what claims are assigned? – Dinesh Copoosamy Aug 01 '18 at 19:34
  • I would say so, and in addition make sure your app has been registered as one of their AAD applications – Toan Nguyen Aug 01 '18 at 22:02
  • Found that the client had a reference to the app under Enterprise Applications but with a different application id. Once we removed that everything works. Thanks for pointing me in the right direction. – Dinesh Copoosamy Aug 02 '18 at 08:44
  • You're welcome. Do you want me to make an answer so that we can close your question? – Toan Nguyen Aug 02 '18 at 09:41
  • That would be great thanks. – Dinesh Copoosamy Aug 03 '18 at 03:40
  • Hi @ToanNguyen, I have this same issue, but it only occurs on the first consent. On the second consent it succeeds. I've checked on the client's AAD: my app is registered and the ID is correct. Do you have any idea? – Hiep Lam Dec 07 '18 at 07:43
  • @HiepLam Please check your request to make sure that all parameters pass through the query. I guess that the first request does not have enough details but the second one has. – Toan Nguyen Dec 08 '18 at 08:57
  • @ToanNguyen The 2 requests are all the same. I've used Fiddler to make sure all params are correct in the query string. The funny thing is some tenants succeed the first time but some tenants need consent 2 times – Hiep Lam Dec 08 '18 at 09:09
  • @HiepLam, I have the same issue, do you have an idea why? It's been a while since you posted this answer. – Donovan Charpin Feb 02 '22 at 04:17

1 Answer

Please make sure your application is registered as one of their AAD applications and its ID is correct.

Toan Nguyen
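
A check for the cause found in this thread (an Enterprise Applications entry in the client's tenant carrying a different application ID), as an added example that is not part of the original posts: it scans service principal data exported from the client's tenant. The JSON shape (`value`, `id`, `appId`, `displayName`) follows Microsoft Graph's servicePrincipals listing; the GUIDs, the app name and the function name are constructed for illustration.

```python
import json

# Constructed sample shaped like a Microsoft Graph `GET /servicePrincipals`
# response from the client's tenant. All GUIDs and names are made up.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"id": "11111111-0000-0000-0000-000000000001",
         "appId": "AAAAAAAA-1111-2222-3333-444444444444",
         "displayName": "Contoso Mail Sync"},
        {"id": "11111111-0000-0000-0000-000000000002",
         "appId": "bbbbbbbb-5555-6666-7777-888888888888",
         "displayName": "contoso mail sync "},
        {"id": "11111111-0000-0000-0000-000000000003",
         "appId": "cccccccc-9999-0000-1111-222222222222",
         "displayName": "Unrelated HR Tool"},
    ]
})


def _norm(text):
    # GUIDs and display names are compared ignoring case and stray whitespace.
    return (text or "").strip().casefold()


def audit_service_principals(graph_json, expected_app_id, app_name):
    """Classify the tenant's service principals against our registration.

    Returns a dict with:
      registered - True if a principal carries the expected application ID
      stale      - principals with our display name but a different appId
    """
    principals = json.loads(graph_json).get("value", [])
    expected = _norm(expected_app_id)
    registered, stale = False, []
    for sp in principals:
        if _norm(sp.get("appId")) == expected:
            registered = True
        elif _norm(sp.get("displayName")) == _norm(app_name):
            stale.append({"objectId": sp.get("id"), "appId": sp.get("appId")})
    return {"registered": registered, "stale": stale}


if __name__ == "__main__":
    report = audit_service_principals(
        SAMPLE_RESPONSE, "aaaaaaaa-1111-2222-3333-444444444444", "Contoso Mail Sync")
    print(json.dumps(report, indent=2))
```

A non-empty `stale` list corresponds to the situation reported in the comments; `registered: False` means the expected application ID has no service principal in that tenant at all.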