1

I'm developing something using Microsoft Graph. At first, just some permission is given. But I found it's not enough. I added more permission. But it seems it's not working. Because after I log in, the Authorization web doesn't come out

I'm following the steps here to use Microsoft Graph. and I'm using ADv1

I've added "User.ReadBasic.All".

I'm trying to get information by "/users?$select=displayName,userPrincipalName". The error is as below

BotFrameworkAdapter.processActivity(): 500 ERROR - [object Object]
botFrameworkAdapter.ts:607
(node:1752) UnhandledPromiseRejectionWarning: Error: [object Object]
    at BotFrameworkAdapter.processActivity (c:\Users\XXXXXX\src\botFrameworkAdapter.ts:608:19)
    at process._tickCallback (internal/process/next_tick.js:68:7)
warning.js:18
(node:1752) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
warning.js:18
(node:1752) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Jeff_hu
  • 417
  • 4
  • 15
  • This question is too vague to be answered. What specific permissions have been granted? What is the error message? Please embed the connection code in the answer. –  Jul 17 '19 at 02:39
  • sorry. I`ve just updated it – Jeff_hu Jul 17 '19 at 03:01
  • After updating the permissions, users and/or admins will have to consent again. Have you done it? https://i.stack.imgur.com/o3wY7.png – Tony Ju Jul 17 '19 at 03:02
  • Refer to https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent for more details. – Tony Ju Jul 17 '19 at 03:03
  • @CaiyiJu Do you mean click the button of "Grant admin consent for XXX"? Even when permission doesn't need admin authorization? – Jeff_hu Jul 17 '19 at 06:15
  • @Jeff_hu Correct. – Tony Ju Jul 17 '19 at 06:16
  • @Jeff_hu Then the users in the tenant will not ask for consent again. If you don't want this, you can grant user consent again through a URL request. `https://login.microsoftonline.com/{tenant}/oauth2/authorize? client_id={your_client_id} &response_type=code &response_mode=query &resource=https://graph.microsoft.com &state=12345 &prompt=consent` Login with the specific user. – Tony Ju Jul 17 '19 at 06:21
  • 1
    @Jeff_hu You can refer to my answer here https://stackoverflow.com/a/56895445/10504999 – Tony Ju Jul 17 '19 at 06:22
  • I see. Thank you. answer my question. I will choose it as the answer. – Jeff_hu Jul 17 '19 at 06:46

1 Answers1

0

After updating the permissions, users and/or admins will have to consent again.

Click 'Grant admin consent for XXX' to grant admin consent.

enter image description here

Force user consent through a url request

https://login.microsoftonline.com/{tenant}/oauth2/authorize?
client_id={your_client_id}
&response_type=code
&response_mode=query
&resource=https://graph.microsoft.com
&state=12345
&prompt=consent

Refer to this document for more details.

Tony Ju
  • 14,891
  • 3
  • 17
  • 31