The below error occurs when I try to acquire Access Token with user credentials using OAuth 2.0 Resource Owner Password Credentials.
AADSTS700016: Application with identifier ‘xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx’ was not found in the directory ‘Contoso’. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant
The client application which I have used is registered in Azure AD with Delegated Permissions. The problem occurred since the required consent is not granted to use the application. To fix the problem, we need to provide consent either by the user or tenant administrator for the application to use the required delegated permissions.
You will not get the same error if you used the MSAL (Microsoft Authentication Library) or ADAL library since the libraries work with user interactive login and it will automatically prompt the consent page if the consent is not granted to use the app.
Grant admin consent to the Azure AD app from Azure portal.
Follow the below steps to grant consent for the delegated permissions from the Azure portal.
- Sign in to the Azure portal, select Azure Active Directory.
- In the Azure Active Directory pane, select App registrations, select the required app (click on app name hyperlink) to open the app configuration page.
- In the application configuration page, select API permissions in the Manage section.
- Select Grant admin consent for Tenant button to provide the consent for the configured permissions.
Note: If you face this issue with a third-party application, you will not see the app in App registrations since it will be available in the app provider’s tenant. For this case, you can select Enterprise applications in the Azure Active Directory pane, then select Permissions in the Manage section and provide admin consent.