I'm running a Teams bot (bot framework based) as my client app.
The bot uses Graph API to read a meeting's chat messages. Currently, the bot authenticates itself against Graph API through the "client credentials" flow against an Azure AD app. In the Azure AD app, I'm using Graph's application permissions to access the Teams chat.
These application permissions are extremely restricted and need explicit manual approval by Microsoft - which makes sense, if you let an app access potentially sensitive chat data.
I would like to change the authentication so that the bot can access Graph API on behalf of the user talking to the bot. I was able to create a login procedure, where the bot would display a "Login" button in Teams (via OAuthPrompt), the user is taken into the browser to authenticate and then I would retrieve the access token.
Since Teams users are already authenticated, is it possible to get the access token of the current user instead, so that they don't have to log in again?