0

I'm using jamesmcq's library (https://github.com/jamesmcq/oidc-aad-php-library) to connect and fetch contacts data from Microsoft Dynamics CRM Online with PHP. I have successfully logged in via OAuth and got a token, but when I'm trying to access CRM Web API with the access_token, I got the following Exception:

AADSTS65001: The user or administrator has not consented to use the application with ID 'XXXXXX-XXXXXX-XXXX-XXX-XXXXXXX'. Send an interactive authorization request for this user and resource.

I already found this answer: https://stackoverflow.com/a/34885153/1305261, but I have only access to the new Azure Portal, not the Classic, so I have no idea where can I find the settings that the guy talked about. Besides, I found something similar under the Azure Active Directory menu, and I granted access for all permissions, but the Exception is still there.

Can anyone help me how can I fix this error?

UPDATED: Here's my setup for the app's privileges: enter image description here

Community
  • 1
  • 1
RobbeR
  • 485
  • 6
  • 23

1 Answers1

1

In the new Azure Portal you can access that screen following the next steps:

  1. Azure Active Directory
  2. App registrations
  3. Select your application
  4. Required permissions

enter image description here

From there, you can add a new permission:

enter image description here

UPDATE:

enter image description here

Community
  • 1
  • 1
Federico Jousset
  • 1,661
  • 14
  • 21
  • I think now I have to send an interactive authorization request for this user and resource. I can do it in Azure Portal too? – RobbeR Oct 26 '16 at 14:40
  • Can you update the question an add an screenshot of the permission? Also, what kind of application did you create (Web Application / Native Application)? It has to be a native application in order to work... – Federico Jousset Oct 26 '16 at 14:47
  • What do you mean? Now I can see this on the application overview: Application type: Web app / API. I need a Native type of app to make it work? I will add the screenshot later. Thank you – RobbeR Oct 26 '16 at 15:10
  • When you are creating your application you can select "Web app / API" or "Native". Try to create and configure a new native application and test if you can access the data using it. – Federico Jousset Oct 26 '16 at 15:22
  • OK, I will try. Meanwhile I did the job with the Web service API instead of Web API, but I think this is a short-term solution. Thank you all of your advices – RobbeR Oct 26 '16 at 15:29
  • I created a native app and added the CRM permission, but the issue is still the same: The user or administrator has not consented to use the application with ID 'XXXX-XXXX...'. Send an interactive authorization request for this user and resource. Can you help me what should I do with that? – RobbeR Nov 07 '16 at 11:18
  • 1
    This week I had a similar issue creating an app from the new portal. Do you have access to the classic one? I created it from the classic portal and it started to work... – Federico Jousset Nov 07 '16 at 11:38
  • I figured out, in this case you need to call an URL before you try to fetch the token, this URL is for consent the user to the application permissions. The URL is like that posted here: http://stackoverflow.com/a/40826739/1305261 – RobbeR Dec 12 '16 at 10:13