I'm trying to figure out how to integrate an external app with Microsoft CDS Web API. The first step would be to try the Wep API with Postman. Following this document I could authenticate and make requests to the API using the client id provided in the document. However, when I try to register my own app in my AAD, I can't get the access token in Postman without having first to request the admin for consent.
I followed the instructions in this document to register the app, plus I allowed implicit flow. A did this in a trial account, where I'm the admin and then I tried retrieving the token with an user of another tenant (where I'm not an admin) it tells me to ask the tenant for consent.
Do you know how to register the app without non-admin users having to request admin consent?
Edit:
The registrated app has the following permissions, where none of them require admin consent:
Screenshot of the selected permission
The tenant which the non admin-users belong to has the following configuration for users being able to consent access:
Screenshot of user settings
Anyway, I assume these last settings would not be the problem because when requesting the token with the client id provided by Microsoft in the example of the first link, I do not require the consent from the admin.
Just for the sake of clarity, this is the step that I would like to remove from the authorization process: Screenshot of the consent request screen
First of all you need to know that not all permissions require admin consent.
Dynamics CRM user_impersonationpermission doesn't require admin consent.But you need to make sure all the permissions added into your registered app don't require admin consent. As long as any permission requires admin consent, then admin consent cannot be bypassed.
Besides, make sure this configuration has been abled in the tenant(which the non-admin users are from).
UPDATE:
You are correct. After testing, I found that this permission does require admin consent. I believe this is an error in the documentation. It seems that the conclusion is that we cannot bypass admin consent.