1

I am trying to request consent for 'IMAP.AccessAsUser.All' permission from user, so that my app can access the user's inbox via OAuth2.

But when i request for permission I get the following error. See attached image.

The application asked for scope 'IMAP.AccessAsUser.All' that does not exist on resource.

Below is the url of the consent link. Could someone help with how I can get consent for this permission 'IMAP.AccessAsUser.All'chan

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=b0eb0e00-ec46-4df8-a710-491468ed4f37
&response_type=code
&redirect_uri=https%3A%2F%2Fimap.mailboxsync.test.com%2Fredirect%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All
&state=12345
Joy Wang
  • 39,905
  • 3
  • 30
  • 54
bala
  • 311
  • 3
  • 11

1 Answers1

2

I can reproduce your issue, you need to add the API permission as below.

Navigate to the Azure Active Directory -> App Registration in the portal, find your app. Follow the screenshot below.

enter image description here

enter image description here

Joy Wang
  • 39,905
  • 3
  • 30
  • 54
  • Thanks. After doing 'Grant admin consent' step, I was able to login as a user and provide consent. But do you know why we need this step. In other app, that I have worked on before, have not done this step. Only the user would provide consent via the oauth2 consent flow. Also though the user consent flow worked and am able to get access token using the authorization code, I am not able to use OAUTH2 + IMAP. I am getting 'Authentication Failed' when I use IMAP with Oauth2 access token. I guess it is due to https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2 – bala Nov 19 '19 at 09:46
  • 1
    @bala This step is not necessary, if you don't click the button, when the normal user login the app, the app will ask for permission. If you click the button as admin, it means you consent to this app on behalf of all tenant users, then when the user login, it will not ask for consent permission again. – Joy Wang Nov 19 '19 at 09:50