User requires admin approval for login to Office 365 mail server
-
Hello Vivaldi Support,
I can not authentic into an Office 365 system. I get the message that I need admin approval. I searched the forums and found the following from Microsoft. What can be done so I might use Vivaldi Mail to login to this mail server?See the following:
https://learn.microsoft.com/en-us/answers/questions/495896/even-after-the-admin-grants-consent-to-the-app-theAlso this from the Vivladi Mail Forum:
Microsoft Office 365 OAuth support
Hello Vivaldi team,
We have the following issue with OAuth in Vivaldi Mail: when a user signs in and requests approval, even after consent is given by the admin, the user is unable to proceed and needs to ask for approval again.MSFT states that this is due to the code responsible for showing the authentication dialog.
In the documentation here MSFT states the following:
This issue usually occur when you pass prompt=consent parameter in your authentication request.
When passed in the authentication request, this parameter forces the users to respond to consent prompt even if consent is already provided.As documented here: Microsoft identity platform and OAuth 2.0 authorization code flow prompt=consent will trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app.
To resolve the issue, please update your application code to not include prompt=consent in every authentication request.
Here is what our internal testing shows:
An active directory admin can grant the permissions for his account and mail will connect just fine if the admin is on a Windows Machine and on the internal network.
An active directory admin cannot do the same on the internal network if on Linux
A regular user cannot login. Neither on Linux or Windows.
To clarify I have attached screenshots of the approval/consent flow.Approval dialog appears.
48f2076b-a017-4741-af07-3f6ac4dc52d4-image.png
After submitting an email is received that the admin needs to consent.
de654ff1-b19b-495d-8db4-34b1323289cc-image.png
After consent is given this is confirmed by email.
2d064320-0486-470c-ba49-d094c13505a6-image.png
When attempting to add the account again with OAuth the expected behavior is that you login and can acces email.
What happens is that the same consent approval dialog appears and users are stuck in a loop.
48f2076b-a017-4741-af07-3f6ac4dc52d4-image.png
According to all documentation we could find it appears to be that the issue is in the OAuth implementation on Vivaldi's end.
Looking forward to hearing from the Vivaldi team and have a good day
