[BUG] Using -a switch on aad-app-reg.sh to grant admin consent fails
Running `aad-app-reg.sh` with the `-a` switch fails with the error message below. It appears the failure occurs during the granting of the admin consent. The app registration for the API is successfully created, but admin consent is not granted. There is no Swagger UI app created.
Steps to reproduce
- Run the script with the following command line:
./aad-app-reg.sh -n aztrehack23 -r https://aztrehack23.eastus2.cloudapp.azure.com/oidc-redirect -a
- Observe error message below
- In AAD, the API app registration (and enterprise app) are created, but no admin consent is granted.
Bad Request({“ClassName”:“Microsoft.Portal.Framework.Exceptions.ClientException”,“Message”:“Graph call failed with httpCode=BadRequest, errorCode=Request_BadRequest, errorMessage=Application ‘c111e4d6-4b89-4462-8790-9dc7891f9bb4’ is requesting permissions that are either invalid or out of date., reason=Bad Request, correlationId = 1ad6c585-e959-4424-9045-81667e1fd014, response = {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Application ‘c111e4d6-4b89-4462-8790-9dc7891f9bb4’ is requesting permissions that are either invalid or out of date."},"requestId":"018a2378-c3db-40e6-ad6d-90d75f19671f","date":"2021-09-09T13:39:29"}}”,“Data”:{},“HResult”:-2146233088,“XMsServerRequestId”:null,“Source”:null,“HttpStatusCode”:400,“ClientData”:{“errorCode”:“Request_BadRequest”,“localizedErrorDetails”:{“errorDetail”:“Application ‘c111e4d6-4b89-4462-8790-9dc7891f9bb4’ is requesting permissions that are either invalid or out of date.”},“operationResults”:null,“timeStampUtc”:“2021-09-09T13:39:29.1748809Z”,“clientRequestId”:“1ad6c585-e959-4424-9045-81667e1fd014”,“internalTransactionId”:“d0201830-422e-4467-98c3-64d5a1deccd1”,“tenantId”:“6c7dbaa5-c725-4e29-a340-123bdf8d0049”,“userObjectId”:“6e41d2a3-ec8f-417d-9fe4-e2f29db038c7”,“exceptionType”:“AADGraphException”}})
Issue Analytics
- Created 2 years ago
- Comments:6 (6 by maintainers)
Top GitHub Comments
I managed to reproduce the error. I’m not sure about the root cause yet, but I think it might have something to do with the newly created app not being ready. Re-running the script succeeds.
EDIT: Tested by adding `sleep` before `az ad app permission admin-consent ...` and it did get rid of the error. Now I just have to find a nice way to poll the status before executing the step to fix the problem.
I am a Global Admin in the tenant where this occurred.
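An alternative to a fixed `sleep`, as an added example (not code from aad-app-reg.sh or the project): retry the consent call with a bounded, doubling delay, but only when the error matches the one quoted in this issue, so any other failure (for example a real permission problem) still fails immediately. The function names, attempt counts and the assumption that the CLI writes this error to stderr are illustrative.

```shell
#!/usr/bin/env bash
# Added example: bounded retry for a step that can fail right after a new
# app registration is created. Not part of the original script.

# Error text taken from the failure quoted in the issue; only this is retried.
TRANSIENT_PATTERN='invalid or out of date'

# retry_transient MAX_ATTEMPTS INITIAL_DELAY_SECONDS COMMAND [ARGS...]
# Runs COMMAND. On failure it retries with a doubling delay, but only while
# stderr contains TRANSIENT_PATTERN. Any other error is returned at once,
# and the last exit code is returned when attempts run out.
retry_transient() {
  local max_attempts=$1 delay=$2 attempt=1 err_file rc
  shift 2
  err_file=$(mktemp) || return 1
  while :; do
    # Capture the exit code without tripping "set -e" in the caller.
    "$@" 2>"$err_file" && rc=0 || rc=$?
    cat "$err_file" >&2            # never hide the real error text
    if [ "$rc" -eq 0 ]; then
      rm -f "$err_file"
      return 0
    fi
    if ! grep -qF -- "$TRANSIENT_PATTERN" "$err_file" \
       || [ "$attempt" -ge "$max_attempts" ]; then
      rm -f "$err_file"
      return "$rc"
    fi
    echo "attempt $attempt failed, retrying in ${delay}s" >&2
    sleep "$delay"
    attempt=$((attempt + 1))
    delay=$((delay * 2))
  done
}

# How the consent step could be wrapped (assumed wiring; app_id is a
# hypothetical variable holding the new application's id).
grant_admin_consent() {
  local app_id=$1
  retry_transient 6 5 az ad app permission admin-consent --id "$app_id"
}
```

With 6 attempts starting at 5 seconds the step gives up after roughly two and a half minutes of waiting and returns the CLI's own exit code.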