Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[BUG] Using -a switch on aad-app-reg.sh to grant admin consent fails
See original GitHub issueRunning aad-app-reg.sh with the -a switch fails with the error message below. It appears the failure occurs during the granting of the admin consent. The app registration for the API is successfully created, but admin consent is not granted. There is no Swagger UI app created.
Steps to reproduce
- Run the script with the following command line:
./aad-app-reg.sh -n aztrehack23 -r https://aztrehack23.eastus2.cloudapp.azure.com/oidc-redirect -a - Observe error message below
- In AAD, the API app registration (and enterprise app) are created, but no admin consent is granted.
Bad Request({“ClassName”:“Microsoft.Portal.Framework.Exceptions.ClientException”,“Message”:“Graph call failed with httpCode=BadRequest, errorCode=Request_BadRequest, errorMessage=Application ‘c111e4d6-4b89-4462-8790-9dc7891f9bb4’ is requesting permissions that are either invalid or out of date., reason=Bad Request, correlationId = 1ad6c585-e959-4424-9045-81667e1fd014, response = {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Application ‘c111e4d6-4b89-4462-8790-9dc7891f9bb4’ is requesting permissions that are either invalid or out of date."},"requestId":"018a2378-c3db-40e6-ad6d-90d75f19671f","date":"2021-09-09T13:39:29"}}”,“Data”:{},“HResult”:-2146233088,“XMsServerRequestId”:null,“Source”:null,“HttpStatusCode”:400,“ClientData”:{“errorCode”:“Request_BadRequest”,“localizedErrorDetails”:{“errorDetail”:“Application ‘c111e4d6-4b89-4462-8790-9dc7891f9bb4’ is requesting permissions that are either invalid or out of date.”},“operationResults”:null,“timeStampUtc”:“2021-09-09T13:39:29.1748809Z”,“clientRequestId”:“1ad6c585-e959-4424-9045-81667e1fd014”,“internalTransactionId”:“d0201830-422e-4467-98c3-64d5a1deccd1”,“tenantId”:“6c7dbaa5-c725-4e29-a340-123bdf8d0049”,“userObjectId”:“6e41d2a3-ec8f-417d-9fe4-e2f29db038c7”,“exceptionType”:“AADGraphException”}})
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I managed to reproduce the error. I’m not sure about the root cause yet, but I think it might have something to do with the newly created app not being ready. Re-running the script succeeds.
EDIT: Tested by adding
sleepbeforeaz ad app permission admin-consent ...and it did get rid of the error. Now I just have to find a nice way to poll the status before executing the step to fix the problem.I am a Global Admin in the tenant where this occurred.