How can I test if admin consent has already been given

陌清茗 2021-01-16 10:35

We are developing an Office Add-in that authenticates with an organisational account to Azure AD. The Add-in needs administrative consent. So if an administrator is logged o

2 answers
  •  伪装坚强ぢ
    2021-01-16 11:24

    IMHO, a custom implementation would be a better choice for your use case.

    The steps could be the following:

    1. User logs in for the 1st time
    2. Your App / Add-in checks the consent in the internal memory / db
    3. No consent will be found, which will redirect the user to the consent page in Azure AD
    4. After the user approves of his admin access, we typically get the status in the response back from Azure AD like the one below:

      GET http://localhost/myapp/permissions?tenant=a8990e1f-ff32-408a-9f8e-78d3b9139b95&state=state=12345&admin_consent=True

    5. The App now stores the admin consent grant status in the DB.

    6. In case, at a later point in time, the app / add-in needs more permissions, just flush out the stored value for the consent and the users so that the next login takes care to ensure that they agree to the new consent. The new consent request will send additional scopes to the AD, which will in turn be shown to the user on the consent page.

    To read more about the steps, please click here
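The flow in the answer above, as an added example that is not code from the answer or from Microsoft: the redirect parameters are accepted only when they carry a `state` the app itself issued, so a hand-crafted `admin_consent=True` URL cannot set the flag. `ConsentStore`, its method names, the in-memory dicts standing in for the DB, and binding `state` to the tenant seen at sign-in are assumptions.

```python
import re
import secrets
from urllib.parse import urlsplit, parse_qs

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


class ConsentStore:
    """In-memory stand-in for the app's DB table (hypothetical)."""

    def __init__(self, required_scopes):
        self.required = frozenset(required_scopes)
        self.pending = {}   # state -> tenant we sent to the consent page
        self.granted = {}   # tenant id -> scopes the consent was recorded for

    def has_consent(self, tenant):
        """Step 2: consent counts only if it covers every scope required now."""
        return self.required <= self.granted.get(tenant.lower(), frozenset())

    def begin(self, tenant):
        """Step 3: issue a one-time state before redirecting to the consent page."""
        state = secrets.token_urlsafe(16)
        self.pending[state] = tenant
        return state

    def handle_callback(self, url):
        """Steps 4-5: validate the redirect, then record consent for the tenant."""
        q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
        expected = self.pending.pop(q.get("state", ""), None)  # single use
        tenant = q.get("tenant", "")
        if expected is None or not GUID.match(tenant):
            return False  # unknown or replayed state, or malformed tenant id
        if expected.lower() != tenant.lower():
            return False  # reply names a different tenant than the one we sent
        if "error" in q or q.get("admin_consent", "").lower() != "true":
            return False  # admin declined or the request failed
        self.granted[tenant.lower()] = self.required
        return True

    def require_more(self, scopes):
        """Step 6: widening the required scopes makes every stored grant stale."""
        self.required = self.required | frozenset(scopes)
```

A stored flag records only what the redirect reported at the time; it does not notice if a tenant administrator later revokes the grant.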
