Recently, I built an AAD application in my tenant with the permission "Enable single sign-on and read user's profile".
The application didn't have admin consent, so any time a user logged in to my site, they would be asked for consent. I had some users who had consented to my app.
After some time, I added another permission, "Access Azure Service Management", to my app, and I was able to log in fine. Users who had never consented to my app earlier could also sign in. However, users who had already consented to my app before I added the new permission started seeing this error: "AADSTS65001: No permission to access user information is configured for 'xxx' application, or it is expired or revoked."
I was really confused about why the app worked for some users but not for others.
After understanding the pattern that the error occurs only for users who had already consented, I asked them to perform the following workaround:
- Go to https://myapps.microsoft.com
- Remove the app
- Sign in again to the app in a fresh browser session
- Now you will see the consent prompt for two permissions
- Grant consent
After this, all users were able to log in successfully.
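The failure above reaches the application as an OAuth error redirect whose `error_description` carries the AADSTS code. The following is an added example, not code from the post or from any Microsoft library: it parses that callback, recognises AADSTS65001 as a consent problem, verifies the `state` value before acting on the callback, and returns the workaround steps from the post so the app can show them to the affected user instead of a generic failure. The sample callback, the `PLACEHOLDER-APP` name and the `state` value are constructed for the example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample of the error redirect an app receives on its redirect URI
# when Azure AD refuses the sign-in for lack of consent. The application name
# is a placeholder and the state value is made up for this example.
SAMPLE_ERROR_CALLBACK = (
    "error=invalid_grant"
    "&error_description=AADSTS65001%3A+No+permission+to+access+user+information"
    "+is+configured+for+%27PLACEHOLDER-APP%27+application%2C+or+it+is+expired+or+revoked."
    "&state=xyz123"
)

# AADSTS codes whose cause is missing, expired or revoked consent.
# Only the code seen in the post is listed; extend as you encounter others.
CONSENT_ERROR_CODES = {"65001"}

# The workaround from the post, returned to the user when consent is stale.
CONSENT_REMEDIATION = [
    "Go to https://myapps.microsoft.com",
    "Remove the app",
    "Sign in again to the app in a fresh browser session",
    "Grant consent when prompted for the updated set of permissions",
]

_AADSTS_RE = re.compile(r"AADSTS(\d+)")


def parse_aad_error(query_string):
    """Parse the query string of an Azure AD error redirect.

    Returns the OAuth 'error', the free-text 'error_description', the numeric
    AADSTS code extracted from that description (None if absent), and the
    'state' value the identity provider echoed back.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    description = params.get("error_description", [""])[0]
    match = _AADSTS_RE.search(description)
    return {
        "error": params.get("error", [None])[0],
        "error_description": description,
        "aadsts_code": match.group(1) if match else None,
        "state": params.get("state", [None])[0],
    }


def is_consent_error(parsed):
    """True when the AADSTS code indicates missing, expired or revoked consent."""
    return parsed.get("aadsts_code") in CONSENT_ERROR_CODES


def handle_error_callback(query_string, expected_state):
    """Classify an error redirect and choose what to tell the user.

    The callback is ignored unless its 'state' matches the value this app
    generated when it started the sign-in, so a forged or replayed redirect
    cannot drive the user through the consent workaround.
    """
    parsed = parse_aad_error(query_string)
    if parsed["state"] != expected_state:
        return {"accepted": False, "consent_problem": False, "steps": []}
    consent = is_consent_error(parsed)
    return {
        "accepted": True,
        "consent_problem": consent,
        "aadsts_code": parsed["aadsts_code"],
        "steps": list(CONSENT_REMEDIATION) if consent else [],
    }


if __name__ == "__main__":
    result = handle_error_callback(SAMPLE_ERROR_CALLBACK, expected_state="xyz123")
    print("AADSTS code:", result["aadsts_code"], "consent problem:", result["consent_problem"])
    for step in result["steps"]:
        print(" -", step)
```

The `state` check is the part worth keeping even if the rest is adapted: an app that reacts to attacker-supplied error redirects by instructing users to remove and re-consent to applications hands a phishing lever to whoever can get a user to click a crafted link.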