How can I test if admin consent has already been given

Question

We are developing an Office Add-in that authenticates with an organisational account to Azure AD. The Add-in needs administrative consent. So if an administrator is logged o

Answer 1

IMHO, the custom implementation would be a better choice for your usecase

The steps could be the following

1. User Logs in for the 1st time
2. Your App / Add-in checks the consent in the internal memory / db
3. No Consent will be found, which will redirect the user to the consent page in Azure AD

4. After the user approves of his admin access, we typically get the status in the response back from Azure AD like the one below,

   GET http://localhost/myapp/permissions?tenant=a8990e1f-ff32-408a-9f8e-78d3b9139b95&state=state=12345&admin_consent=True

5. The App now stores the admin consent grant status in the DB.

6. In case in later point of time, the app / add-in needs more permissions, just flush out the stored value for the consent and the users so that the next login takes care to ensure that they agree to the new consent. The new consent request will be sending additional scopes to the AD which will in turn be shown to the user in the consent page.

In case of reading more about the steps, please click here