Recently, I had built an AAD application in my tenant with
the permission “Enable single sign-on and read user’s profile”.
The application didn’t have admin consent so any time a user
would login to my site, he would be asked for consent. I had some users who had
consented to my app.
After some time, I added another permission “Access Azure
Service Management” to my app and I was able to login fine. Users who had never
consented to my app earlier could also sign in. However, users who had already
consented to my app before I added the new permission started seeing this error
“AADSTS65001: No permission to access user information is configured for xxx'
application, or it is expired or revoked. “
I was really confused why the app works for some users but
not for others.
After understanding the pattern that the error occurs only
for users who had already consented, I asked them to perform the following work
around:
- Go to https://myapps.microsoft.com
- Remove the app
- Sign in again to the app in a fresh browser session
- Now you will see the consent prompt for two permission
- Grant consent
After this, all users were able to login successfully.