
Azure Data Lake Storage Gen2 access token generation - "AADSTS65001: The user or administrator has not consented to use the application with ID"

I'm trying to generate access and refresh tokens to be able to sign in to Azure Data Lake Storage Gen2 using an external application which allows OAuth.

What was done:

  1. Created Storage account using

  2. Created Azure AD application using

  3. Granted admin consent to application from the 2nd step -

  4. Also granted admin consent to enterprise apps with name as the app from step 2

Steps 3 and 4 were done as described here -

Then I generated authorization code<TENANT ID>/oauth2/v2.0/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&

After that I tried to get the token

curl -X POST<TENANT ID>/oauth2/token \
 -F redirect_uri=https://localhost/myapp/ \
 -F grant_type=authorization_code \
 -F resource= \
 -F client_id=<CLIENT ID> \
 -F client_secret=<CLIENT SECRET> \
 -F code=OAQABAAIAAAAP0wLlqdLVToOpA4kwzSnxLhHJrARX8557... (Authorization code)

As a result received the error below

The user or administrator has not consented to use the application with ID
'<CLIENT ID>' named '<APP NAME>'. Send an interactive authorization request 
for this user and resource.\r\nTrace ID: <TRACE ID>\r\nCorrelation ID: 
<CORRELATION ID>\r\nTimestamp: 2019-09-03 13:31:50Z","error_codes":[65001],
"timestamp":"2019-09-03 13:31:50Z","trace_id":"<TRACE ID>",
"correlation_id":"<CORRELATION ID>","suberror":"consent_required"


  • You got the authorization code by using the v2.0 endpoint, but you used v1.0 when you got the token. And the value of resource is not correct.

    Try with the below

    Get authorization code<TENANT ID>/oauth2/authorize?client_id=<CLIENT ID>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&resource=

    Get the token

    curl -X POST<TENANT ID>/oauth2/token \
     -F redirect_uri=https://localhost/myapp/ \
     -F grant_type=authorization_code \
     -F resource= \
     -F client_id=<CLIENT ID> \
     -F client_secret=<CLIENT SECRET> \
     -F code=OAQABAAIAAAAP0wLlqdLVToOpA4kwzSnxLhHJrARX8557... (Authorization code)
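
The mismatch described in the answer can be caught before any request is sent. The following is an added example, not part of the original question or answer: a small pre-flight check that compares the authorize URL with the token request. The host `login.example`, the `TENANT` and `CLIENT` values and the resource `https://resource.example/` are constructed placeholders, and treating a missing `scope` (v2.0) or `resource` (v1.0) on the authorize request as a finding is an assumption that follows the answer's fix.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed placeholders: host, tenant, client id and resource are not from the page.
BASE = "https://login.example/TENANT/oauth2"
COMMON = ("client_id=CLIENT&response_type=code"
          "&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query")
FORM = {"redirect_uri": "https://localhost/myapp/", "grant_type": "authorization_code",
        "resource": "https://resource.example/"}


def endpoint_version(url):
    """Classify an endpoint by path: /oauth2/v2.0/... is v2.0, /oauth2/... is v1.0."""
    path = urlsplit(url).path.lower()
    if "/oauth2/v2.0/" in path:
        return "v2.0"
    if "/oauth2/" in path:
        return "v1.0"
    raise ValueError("not an OAuth2 endpoint: " + url)


def check_flow(authorize_url, token_url, token_form):
    """Return the mismatches between the two legs of an authorization-code flow."""
    problems = []
    auth_ver, token_ver = endpoint_version(authorize_url), endpoint_version(token_url)
    if auth_ver != token_ver:
        problems.append(f"authorize uses {auth_ver} but token uses {token_ver}")
    # parse_qs drops empty values, so a bare "resource=" counts as missing.
    query = {k: v[0] for k, v in parse_qs(urlsplit(authorize_url).query).items()}
    target = "scope" if auth_ver == "v2.0" else "resource"
    if target not in query:
        problems.append(f"authorize request ({auth_ver}) has no {target}")
    # RFC 6749 section 4.1.3: redirect_uri must be identical in both requests.
    if query.get("redirect_uri") != token_form.get("redirect_uri"):
        problems.append("redirect_uri differs between authorize and token requests")
    return problems


def demo():
    """Run the checker on the question's shape of flow and on the answer's."""
    broken = check_flow(f"{BASE}/v2.0/authorize?{COMMON}&", f"{BASE}/token", FORM)
    fixed = check_flow(
        f"{BASE}/authorize?{COMMON}&resource=https%3A%2F%2Fresource.example%2F",
        f"{BASE}/token", FORM)
    return broken, fixed


if __name__ == "__main__":
    for label, result in zip(("question", "answer"), demo()):
        print(label, result or "consistent")
```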