Using MSAL for admin consent authentication

[shon2789]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.0.2

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

2.02

Public or Confidential Client?

Public

Description

I want to let the user authenticate with a pop-up and not redirecting him to Microsoft site from the current page that he is on.
So I tried to implement pop-up authentication for admin consent with MSAL, but I didn't find a way to make the configuration support admin consent.

This is our current configuration, I'd like to achieve something similar using MSAL-react.

I'm currently using an admin consent flow to acquire consent from customers, afterwards we are using the https://login.microsoftonline.com/$%7BtenantId%7D/oauth2/v2.0/token to generate access tokens using the customer's tenantId

Our current consent part, looks like this:

const url = `https://login.microsoftonline.com/common/adminconsent?`
  const params = new URLSearchParams()
  params.append('prompt', 'admin_consent')
  params.append('redirect_uri', encodeURI(getCallbackUrl(app)))
  params.append('response_type', 'code')
  params.append('client_id', clientId)
  params.append('state', state || '')

  return url + params 

When we have request redirected from Microsoft we're getiing the tenantId and we're able to generate a token using that tenantId.

Does MSAL support admin consent authentication?
If so, can you direct me to how to configure it properly?

MSAL Configuration

{
  auth: {
    clientId: 'clientId',
    authority: `https://login.microsoftonline.com/common`,
    redirectUri: 'redirectUri'
  }
}

Relevant Code Snippets

const TestComponent = () => {
  const { instance } = useMsal()
  const loginRequest: PopupRequest = {
    scopes: [
      // 'Application.ReadWrite.OwnedBy',
      'Application.ReadWrite.All',
      'Directory.Read.All',
      'User.Read.All',
      'Sites.ReadWrite.All',
      'Files.ReadWrite.All',
      // 'ActivityFeed.ReadDlp',
      // 'ActivityFeed.Read',
      'Sites.FullControl.All'
    ],
    state: 'someString',
    prompt: 'consent'
  }

  const handleLogin = async () => {
    try {
      const test = await instance.acquireTokenPopup(loginRequest)
      console.log(test)
    } catch (e) {
      console.log(e)
    }
  }
  return <DcButton onClick={() => handleLogin()}>This is test</DcButton>
}

Identity Provider

Azure AD / MSA

Source

External (Customer)

[lalimasharda]

Hey @shon2789 , can you check if you have you setup admin consent for these scopes on Azure Portal in your app registration? Please take a look at this issue for reference.

[microsoft-github-policy-service]

@shon2789 This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.