Running into these when requesting consent:
The app needs access to a service that your organization has not subscribed to or enabled.
Please contact your administrator to review the configuration of your service subscriptions
I have a very simple scenario: Multitenent SPA and a Web(API) App Registrations.
My consent URL:
https://login.microsoftonline.com/{otherAD}/v2.0/adminconsent?client_id={SPA-AppId)&scope=api://{API-AppId}/read&redirect_uri=https://localhost&state=12345
My problem was caused by the incorrect scope I was using in my consent URL.
All you need is &scope=.default
No need to spell out the app id twice.
If all you are doing is getting consent for you API, you will only need to consent once.
Also, in your MSAL2 client code:
interactionType: InteractionType.Redirect,
authRequest: {
scopes: [
'.default'
]
}
By setting the scope to default, you wont need to pass around the consent URL, as all users that try to access your app will be prompted for consent unill it is granted