Friday, August 28, 2015

AADSTS65001: No permission to access user information is configured for xxx' application, or it is expired or revoked

Recently, I had built an AAD application in my tenant with the permission “Enable single sign-on and read user’s profile”.

The application didn’t have admin consent so any time a user would login to my site, he would be asked for consent. I had some users who had consented to my app.

After some time, I added another permission “Access Azure Service Management” to my app and I was able to login fine. Users who had never consented to my app earlier could also sign in. However, users who had already consented to my app before I added the new permission started seeing this error “AADSTS65001: No permission to access user information is configured for xxx' application, or it is expired or revoked. “

I was really confused why the app works for some users but not for others.

After understanding the pattern that the error occurs only for users who had already consented, I asked them to perform the following work around:

  1. Go to https://myapps.microsoft.com
  2. Remove the app
  3. Sign in again to the app in a fresh browser session
  4. Now you will see the consent prompt for two permission
  5. Grant consent   

After this, all users were able to login successfully.