Handle Admin Consent Callback
Unauthenticated: Microsoft redirects the browser here without a Stuut
session, so the signed state token is the only proof of who started
the flow. We verify it, derive the org from its claims, and open a tenant
session for that org. On success, stamps the consent timestamp and stores
the granted scopes; on failure, raises with the provider error.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
True if Microsoft returned admin_consent=True.
Authoritative tenant GUID returned by Microsoft's native admin-consent redirect.
The signed state token from the consent URL, echoed back.
Scopes consented, space-delimited.
OAuth error code on failure.
Response
Successful Response
How mail is transported — 'nylas' (OAuth sync/send) or 'sendgrid' (domain send).
nylas, sendgrid The org's Microsoft mailbox connection: consent state and Entra details.
The org's Google mailbox connection state.
Routing / auto-assignment config for the centralized inbox.
SendGrid transport configuration.
