Authenticating with WAAD results in error "User cannot consent to web app requesting user impersonation as an app permission"

  • Question

  • I'm trying to request the following permissions from the user:
    • Read items in all site collections 
    • Edit or delete items in all site collections 
    • Create or delete items and lists in all site collections 
    • Read your files 
    • Edit or delete your files 
    • Access your organization's directory

    However, I've recently started consistently seeing the following error after I give Microsoft my credentials:

    Sorry, but we’re having trouble signing you in.
    We received a bad request.

    Additional technical information:
    Correlation ID: 765fe11c-d972-41ea-a0b0-ae5ece457806
    Timestamp: 2015-01-06 21:05:57Z
    AADSTS90093: User cannot consent to web app requesting user impersonation as an app permission.

    ---

    Notably, I'm only seeing this problem with non-admin SharePoint users - the issue does not seem to occur for admins, and I see the consent screen as expected with them.

    I have verified that all the users I have tested with have permissions to use the user consent flow, and have tried with a brand new SharePoint organization's users as well - with the same behavior.

    Any ideas what's going on here? I feel fairly certain that Microsoft has changed something on their end, but it's difficult to debug this issue. Any help/questions/comments greatly appreciated. Thanks! :)

     

    Tuesday, January 6, 2015 9:18 PM

All replies

  • Hi,

    Thanks for posting.

    We are currently looking into this, will post a reply soon.

    Regards,

    Nithin.Rathnakar

    Wednesday, January 7, 2015 12:45 PM
  • Any update on this? Looks like it has been fixed?

    We had the same issue [also ONLY for non-admin accounts]:

    Correlation ID: 2a373c82-069b-48ef-aa50-1049c3c33450
    Timestamp: 2014-12-19 00:49:34Z

    AADSTS90093: User cannot consent to web app requesting user impersonation as an app permission.

    But now it seems to work fine again - can you please confirm it has been fixed?

    Thanks in advance!

    • Proposed as answer by Vivian_Wang Monday, January 12, 2015 6:12 AM
    Sunday, January 11, 2015 9:19 AM
  • Dear Nithin Rathnakar,

    We are experiencing the same issue again - non-admin SharePoint users are facing this error again.

    Can you confirm that everything's ok on your side?

    =======

    Additional technical information:
    Correlation ID: 7fc03624-fbe7-44c2-a530-b850d301c437
    Timestamp: 2015-06-15 12:01:58Z
    AADSTS90093: User cannot consent to web app requesting user impersonation as an app permission.

    =======

    Best, Pavol.

    Monday, June 15, 2015 12:05 PM
  • Team,

    Any update on this? I am facing this issue. Can you please confirm what the fix for this was?

    Monday, August 17, 2015 9:19 AM
  • This worked for me.

    Read this post about how Microsoft changed the consent to permissions - http://blogs.msdn.com/b/aadgraphteam/archive/2015/03/19/update-to-graph-api-consent-permissions.aspx

    Read this post about which permissions need admin consent - http://blog.beecomedigital.com/2015/06/08/aadsts90093-calling-principal-cannot-consent-due-to-lack-of-permissions/

    The problem in our application was that we have specified delegated permissions which need admin consent and therefore non-admin users get the "AADSTS90093: User cannot consent to web app requesting user impersonation as an app permission." error.

    Changing the delegated permission "Access the directory as the signed-in user" to "Sign in and read user profile" for the "Windows Azure Active Directory" application solved the problem. If the error still persists, check the other permissions in your applications to see if they need admin consent.

    Monday, December 7, 2015 11:45 AM
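
The check described in the last reply, as an added example that is not part of the original thread: it cross-references an application manifest's `requiredResourceAccess` against the resource's `oauth2Permissions` and lists the delegated scopes marked `"type": "Admin"`, which are the ones a non-admin user cannot consent to. The GUIDs and both JSON documents are constructed placeholders (assumptions); only the two permission display names come from the thread.

```python
import json

# Constructed sample data: the IDs are placeholders, not real permission GUIDs.
RESOURCE_SP = json.loads("""
{"appId": "00000000-0000-0000-0000-00000000aaaa",
 "displayName": "Windows Azure Active Directory",
 "oauth2Permissions": [
  {"id": "00000000-0000-0000-0000-000000000001", "type": "User",
   "userConsentDisplayName": "Sign in and read user profile"},
  {"id": "00000000-0000-0000-0000-000000000002", "type": "Admin",
   "userConsentDisplayName": "Access the directory as the signed-in user"}
 ]}
""")

# Constructed manifest fragment requesting both delegated permissions.
APP_MANIFEST = json.loads("""
{"requiredResourceAccess": [
  {"resourceAppId": "00000000-0000-0000-0000-00000000aaaa",
   "resourceAccess": [
     {"id": "00000000-0000-0000-0000-000000000001", "type": "Scope"},
     {"id": "00000000-0000-0000-0000-000000000002", "type": "Scope"}
   ]}
]}
""")

def admin_only_scopes(manifest, service_principals):
    """Return (resource, permission) pairs for delegated scopes needing admin consent."""
    by_app = {sp["appId"]: sp for sp in service_principals}
    flagged = []
    for req in manifest.get("requiredResourceAccess", []):
        sp = by_app.get(req["resourceAppId"])
        if sp is None:
            # Resource not supplied: cannot classify, so report it for manual review.
            flagged.append((req["resourceAppId"], "<unknown resource>"))
            continue
        perms = {p["id"]: p for p in sp.get("oauth2Permissions", [])}
        for access in req.get("resourceAccess", []):
            if access.get("type") != "Scope":  # only delegated permissions are checked
                continue
            perm = perms.get(access["id"])
            if perm is None or perm.get("type") == "Admin":
                name = perm["userConsentDisplayName"] if perm else access["id"]
                flagged.append((sp["displayName"], name))
    return flagged

if __name__ == "__main__":
    for resource, name in admin_only_scopes(APP_MANIFEST, [RESOURCE_SP]):
        print(f"needs admin consent: {resource} / {name}")
```

An empty result means every requested delegated scope is user-consentable, so the non-admin sign-in should reach the consent screen.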