microsoft-authentication-library-for-js icon indicating copy to clipboard operation
microsoft-authentication-library-for-js copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

provide method for admin consent request

Open derisen opened this issue 5 years ago • 11 comments

Please follow the issue template below. Failure to do so will result in a delay in answering your question.

Library

Description

Please describe the functionality or improvement you would like to see added.

A common task with multi-tenant applications is to obtain admin consent for certain delegated permissions:

// Line breaks are for legibility only.
GET https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=http://localhost/myapp/permissions
&scope=
https://graph.microsoft.com/calendars.read
https://graph.microsoft.com/mail.send

Since the task is repetitive and constructing the request url manually is error prone, it would be helpful for users if the library were to offer a method for this.

derisen avatar May 11 '20 14:05 derisen

How are we supposed to get admin-consent with MSAL? I am struggling to find any docs

cvburgess avatar Aug 26 '20 16:08 cvburgess

@cvburgess could you please check out the samples here.

derisen avatar Aug 26 '20 17:08 derisen

This is the approach i took: manually concatantaing the URL based on piecing together the docs around the web... but this seems crazy to me knowing MSAL has a fn for making the URL and it just does not support this at all.

Is there a reason MSAL only makes some URLs and not URLs that require admin consent?

cvburgess avatar Sep 01 '20 12:09 cvburgess

Is there a reason MSAL only makes some URLs and not URLs that require admin consent?

Frankly, there hasn't been a large demand, and we have other features that were higher priority. That said, this is a feature we would like to add at some point, which is why I requested @derisen open this feature request to track it.

jasonnutter avatar Sep 01 '20 17:09 jasonnutter

Awesome, well if i can help i gladly will.

The code i wrote on our end it working without issue thus far, so it should be pretty simple!

cvburgess avatar Sep 03 '20 19:09 cvburgess

the adminconsent endpoint doesnt seem to return a code for acquireTokenByCode even though that param is set. Does that enpoint not support it?

cvburgess avatar Sep 07 '20 22:09 cvburgess

cc @salman90

sameerag avatar Apr 02 '22 04:04 sameerag

@jasonnutter we also need this, what is the best place in the lib for this to land, is there already a GenerateUrlForLogin some where? Then I’ll submit a PR soon.

svrooij avatar Apr 14 '22 21:04 svrooij

@svrooij We'll be discussing this feature request internally to determine if/where/how we will support it and follow up.

jasonnutter avatar Apr 15 '22 23:04 jasonnutter

any update for admin consent requests?

capc0 avatar Oct 25 '22 09:10 capc0