re-consent | Consent-management browser extension | Browser Plugin library
kandi X-RAY | re-consent Summary
kandi X-RAY | re-consent Summary
Consent-management browser extension
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of re-consent
re-consent Key Features
re-consent Examples and Code Snippets
Community Discussions
Trending Discussions on re-consent
QUESTION
I have a registered App which requires several application permissions (getting them through Admin Consent flow).
The app is multi-tenant and is already serving a lot of users.
Now I would like to add some more permissions to what the App is requesting and I just want to make sure that adding these permissions won't effect my current users that are using the app.
I understand that in order for the new permissions to apply on existing users, their corresponding organizations admins will have to re-consent, but other than that, I would like to make sure (cant find it in docs) that current users will still be able to use the app the same way as they did before (without the features that requires the new permissions).
Is that really the case? nothing won't 'stop working' because of the permissions change?
...ANSWER
Answered 2020-Jun-21 at 15:43When you add permissions to an app registration, previous consents do not get revoked. however depending on the scopes that your app requests, it may force a new consent window to appear. since you are using application permissions, regular users cannot consent to the permissions. for example if your client is requesting a .default scope, then it will try to get all the permissions specified in the api permissions, which would include the new permission (that needs consent). if your token requests only include the old permissions in the scope, then nothing should change. https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#example-3-the-user-has-consented-and-the-client-requests-additional-scopes
But, I don't believe that the application will fail even if consent hasn't been given to the new application permissions, but it will fail to receive the new scopes if requested. and any resulting function that uses those additional permissions will fail, until an admin consents to those new permissions.
QUESTION
I have got a scenario where I would like to retrieve calendar bookings/meetings from Exchange using Graph APIs. These meetings should only be available in the application running on control/touch panel located in that room. In order to do that, I have registered an App in Azure AD and using MSAL's .NET PublicClientApplication with necessary API permission i.e. Calendars.Read which requires Admin consent and I am using Device code flow in the application which generates a code whenever I try to run the app.
I see that it's also possible to configure a ConfidentialClient which acts on behalf of application and not the user. Also, this requires a pre-consent from Admin.
Question :
- Not sure which type of authentication mechanism is best suitable in this Scenario ?
- Is it possible to make API permissions for e.g. "Calendars.Read" to work for a specific account? Like in this case just for that room
ANSWER
Answered 2020-Mar-05 at 02:08Not sure which type of authentication mechanism is best suitable in this Scenario ?
I think both of them could meet your requirement, for the security, I recommend you to use the option one. Something you should note, if you are using the delegated permission Calendars.Read with auth code flow, the user need to log in the App, then the app do operations on behalf of the user, essentially the permission comes from the user.
If you use the application permission Calendars.Read, it uses the client credential flow, the permission comes from the application, it means everyone in the room can use the application to retrieve calendar bookings/meetings.
Is it possible to make API permissions for e.g. "Calendars.Read" to work for a specific account? Like in this case just for that room
No, you could not make the API permission to work just for a specific account.
QUESTION
I'm using the v1 Azure AD auth URLs (/common/oauth2/authorize) for a multi-tenant app that requires admin_consent.
I've attempted to add a new scope Directory.AccessAsUser.All. It is the first 'delegated' permission I'm requesting when all my other scopes are 'application' level permissions.
When I added that new delegated scope and prompted the admin to re-consent, the other scopes disappeared from the returned AccessToken and the responses scope parameter. Only Directory.AccessAsUser.All is present in the access_token scp field.
Is there any reason this behavior would occur? I'm positive that we are promoting for admin_consent and that an admin is the one consenting.
ANSWER
Answered 2018-Jun-21 at 18:03The scopes specified in the scp will depend on which OAUTH flow you used to obtain the token. You cannot have a single access_token with both Delegated and Application scopes.
Application scopes are applied when using the Client Credentials flow (
client_credentials).Delegated scopes are applied when using either Authorization Code or Implicit flows (
authorization_codeorimplicit).
Update: I've written a more in-depth post about this topic that might help folks facing similar issues: Application vs Delegated Scopes.
QUESTION
I use the following PowerShell code to access MS Graph API.
...ANSWER
Answered 2017-Nov-24 at 20:34Per the documentation (see the important note at the beginning of the topic), for CSP pre-consent, only Directory and Intune resources in Microsoft Graph supports the partner model. Over time, more resources will support the partner/CSP model. Please create a request for this on UserVoice if this is important to you.
Hope this helps,
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install re-consent
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
