How to write a message to Microsoft Teams with Azure ClientApplication Token

0
votes

I try to send a message to Microsoft Teams with the graph api and a non-personal ClientApplication token.

It is currently no problem to get the token from Azure by clientId / secret / tenantId. The token seems to work as well, so I'm able to get e.g. the list of all azur users by rest api. But when I try to send a message to Teams with this token (POST https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages), the result is { "error": { "code": "Unauthorized", "message": "Unauthorized", "innerError": { "date": "...", "request-id": "..." } } }

The same call works fine with my personal bearer token.

Any idea how to enable the clientapp to post to teams?

1
c#azuremicrosoft-teamsazure-ad-graph-api

1 Answers

0
votes

From your description, you are using client credential flow to get the token, then use the token to call Microsoft Graph, if so, the Application permission is needed.

You got the error because the Microsoft Graph - Create chatMessage in a channel does not support the Application permission, it means you could not use the client credential flow in this case.

enter image description here

FAQ:

The token seems to work as well, so I'm able to get e.g. the list of all azure users by rest api.

To call different APIs via this flow, you need different Application permission, this works because your app has the application permission to call the api - List users.

The same call works fine with my personal bearer token.

I suppose you are using another flow to get the token, e.g. auth code flow, ropc flow. These flows need the Delegated permission, which is supported to create chatMessage in a channel.

enter image description here