0
votes

I'm trying to convert some bot logic to use delegated permissions instead of application ones, but I'm running into an issue with a bot feature that can post to a Teams channel from a 1:1 conversation. The user can ask the bot to post to a channel, and this works fine, but when I take away Group.ReadWrite.All, I can't find a workaround that doesn't require admin consent. Here's the current flow:

  • Get the user's joined teams (me/joinedTeams). This requires Team.ReadBasic.All.
  • Get the channels in the team (/teams/{id}/channels). This requires Group.Read.All (admin consent)
  • Post to the channel (/teams/{id}/channels/{id}/messages) which requires ChannelMessage.Send

So with delegated, non-admin permissions, I can list a user's teams, post a message to a channel on their behalf, but not list the channels on their joined teams? The docs here say that you need delegated Group.Read.All or ReadWrite.All, both of which require admin consent.

Is there another way that I'm missing to get a list of teams/channels for a user to cross-post to? I don't want to have to add the bot to the channel. I suppose I could create/store a list of connectors for each channel, but that's a lot of extra user overhead. The challenge is that I want to deploy this bot to an org that refuses to give any application/admin consent permissions to 3p apps.

1
To list channels using the Graph API you will need the team ID. That requires the above-mentioned permissions. – Trinetra-MSFT
I can get the Team ID with Team.ReadBasic though, but even with the team ID, I can't find a way to get the channel list without an admin-consented permission. – Chris Bardon
You need to provide admin consent for this API. – Trinetra-MSFT

1 Answers

1
votes

I have no idea how I missed this, but there's a Channel.ReadBasic.All permission that doesn't require admin consent. This means I can do something like this in my bot:

  • Get a user's joined teams with graphClient.Users[aadUserId].JoinedTeams.Request().GetAsync()
  • Get the team's channels with graphClient.Teams[teamID].Channels.Request().GetAsync()
  • Post to the channel as outlined in the docs with c.Teams[teamID].Channels[channelID].Messages.Request().AddAsync(chatMessage).GetAwaiter().GetResult();

The only difference here is that the message is attributed to the user and not the bot, but as long as that's OK, this is a way to have a user initiated cross-post from a bot to a Team.
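The delegated flow from this answer, written against the raw Graph endpoints listed in the question, with a check that the granted scopes cover the three calls and a report of any admin-consent scopes the token still carries. This is an added example, not code from the original post; the helper names, the injectable `call` transport and matching teams and channels by display name are assumptions.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Delegated scopes this page names for the three calls.
NEEDED = {"Team.ReadBasic.All", "Channel.ReadBasic.All", "ChannelMessage.Send"}
# Scopes this page says need admin consent; the flow should run without them.
ADMIN_CONSENT = {"Group.Read.All", "Group.ReadWrite.All"}

def audit_scopes(granted):
    """granted: space-delimited 'scope' value from the OAuth token response."""
    have = set(granted.split())
    return {"missing": sorted(NEEDED - have),
            "admin_consent": sorted(have & ADMIN_CONSENT)}

def graph_call(token, method, path, body=None):
    """Default transport: one authenticated Graph request, JSON in and out."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        GRAPH + path, data=data, method=method,
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def cross_post(token, granted, team_name, channel_name, html, call=graph_call):
    """Post as the signed-in user to a channel in one of their joined teams."""
    report = audit_scopes(granted)
    if report["missing"]:
        # Fail before any request rather than on a 403 halfway through.
        raise PermissionError("token lacks: " + ", ".join(report["missing"]))
    teams = call(token, "GET", "/me/joinedTeams")["value"]
    team = next((t for t in teams if t["displayName"] == team_name), None)
    if team is None:
        raise LookupError("user is not a member of that team")
    channels = call(token, "GET", f"/teams/{team['id']}/channels")["value"]
    chan = next((c for c in channels if c["displayName"] == channel_name), None)
    if chan is None:
        raise LookupError("channel not found in team")
    msg = {"body": {"contentType": "html", "content": html}}
    path = f"/teams/{team['id']}/channels/{chan['id']}/messages"
    return call(token, "POST", path, msg)
```

A non-empty `admin_consent` list from `audit_scopes` means the app registration still requests a scope that this flow does not need.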