Azure-AD provider login dialog does not ask user for extra permissions?

[oscarcoding]

When I add some delegated API permissions to my Azure app (screenshot below), eg "Sites.ReadWrite.All" to access the user's Sharepoint data. I expect to see the login dialog ask the user something like "Permissions requested" and "The app would like to ...."

But it does not show this page at all - only the normal login dialog first page with username and password.

Why is it not asking the user to allow this access? Is there some other setting I need to enable to make this work? I have enabled the extra permission inside of Azure:

[oscarcoding]

I did end up accidentally find the answer to this - in the authOptions scope section, you have to also include prompt: consent. I didn't see that in any documentation, but there is so much I may have missed it.

export const authOptions = {
  adapter: PrismaAdapter(prisma),
  providers: [
    AzureADProvider({
      clientId: ...,
      clientSecret: ...,
      tenantId: ...,

      authorization: {
        params: {
          scope: 'openid email profile Sites.Search.All ... etc ... ',
          prompt: 'consent', // HERE !
        },
      },
    }),
  ],

Still getting a 403, but at least it now asks the user to give access to the delegated permission. So thats progress at least.