Context: I’m building a web app that intends to provide insights and analysis on users’ SharePoint and OneDrive data. Users should be able to come to my web app, connect their SharePoint and OneDrive data by going through some OAuth flow and agreeing to the ‘read’ scopes we want on their workspace data, and then we should be able to generate an access and refresh token on their behalf for usage in our app according to the scopes they agreed to. For example, we want to be able to search over a user’s SharePoint data given some input query.
Problem: I continue to face this error trying to generate an access token:
400 Bad Request: "{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'fa30181d-73e3-4ac8-bc74-cdb9323c19f6' named 'appTesting'. Send an interactive authorization request for this user and resource. Trace ID: 24846f12-6d9e-4a04-b3bf-abb970710e00 Correlation ID: c0886b13-403b-4843-8fbe-34525d564452 Timestamp: 2024-04-30 02:15:00Z","error_codes":[65001],"timestamp":"2024-04-30 02:15:00Z","trace_id":"24846f12-6d9e-4a04-b3bf-abb970710e00","correlation_id":"c0886b13-403b-4843-8fbe-34525d564452","suberror":"consent_required"}"
- I’m following this guide: https://learn.microsoft.com/en-us/graph/auth-v2-user?tabs=http
- Scopes I’m requesting: offline_access User.Read Files.Read
- My current setup works for generating the OAuth URL successfully per the guide. I see the scopes my app is requesting (User.Read, Files.Read, offline_access), I accept, and I am successfully redirected to a URL containing the code, state, and session_state. However, I get the invalid_grant error when trying to generate the access token with the code returned from the OAuth URL flow, following the specifications in the guide.
- I’ve added the APIs I want and granted admin consent for the permissions of the APIs I want in Application > API permissions > Grant admin consent. I have also added the User.Read and Files.Read scopes to the ‘Expose an API’ tab.
- I can confirm the redirect URI, client secret, client ID, and tenant ID being used in my code match the values in the Azure UI.
- In the web app I created in App Registrations, under the Authentication sidebar tab, the Implicit grant and hybrid flows checkboxes are unchecked, and the ‘Allow public client flows’ setting is set to false.
It seems to me like I’m following the guide precisely, and there’s some issue in my Azure UI configuration somewhere that I don’t know about and that isn’t included in the guide. Any advice for resolving this issue would be much appreciated!
TLDR and main question: what is this error caused by when trying to generate an access token?
400 Bad Request: "{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'fa30181d-73e3-4ac8-bc74-cdb9323c19f6' named 'appTesting'. Send an interactive authorization request for this user and resource. Trace ID: 24846f12-6d9e-4a04-b3bf-abb970710e00 Correlation ID: c0886b13-403b-4843-8fbe-34525d564452 Timestamp: 2024-04-30 02:15:00Z","error_codes":[65001],"timestamp":"2024-04-30 02:15:00Z","trace_id":"24846f12-6d9e-4a04-b3bf-abb970710e00","correlation_id":"c0886b13-403b-4843-8fbe-34525d564452","suberror":"consent_required"}"
As described in problem detail.