Missing Permissions for Microsoft Graph Add Chat message - microsoft-graph-api

I am trying to use Microsoft.Graph to send add a message to a chat. I have successfully found my team and created a channel for the messages to go into but when I try to actually send the message, I get a Forbidden error message. This is covered by the ticket:
Microsoft Graph API for Teams: Send Channel/ Chat messages and I am getting the same problem that #Koelier originaly got.
The reason that this is not fixed is that following the answer does not fix my problem. Indeed, the ChannelMessage.ReadWrite.All does not appear in my list. I am looking for the app to run as a service, in the background so the Application Permissions is the method I need to use.
I note that I am not alone in this as #johnnycardy notes that he has had exactly the same problem as me. Furthermore, I linked to the document referenced by #nastassiar and it did not reference the ChannelMessage.ReadWrite.All at all. I can assume it did once but not anymore.
Any guidance would be gratefully received.

Just checked the permissions to perform the same using graph explorer and the below are the ones that I had to add.
ChannelMessage.Send - Allows the app to send channel messages in Microsoft Teams, on your behalf.
Chat.ReadWrite - Allows an app to read and write your 1 on 1 or group chat messages in Microsoft Teams, on your behalf.
ChatMessage.Send - Allows an app to send one-to-one and group chat messages in Microsoft Teams, on your behalf.
Group.ReadWrite.All - Allows the app to create groups and read all group properties and memberships on your behalf. Additionally allows the app to manage your groups and to update group content for groups you are a member of.
enter image description here

Related

Teams bot, which approach to go for?

My use case requires me to integrate teams with an app. Whenever a message is sent from that app, a private channel will be created and the message will be sent to teams. I've been reading the documentation and it has only confused me further. Do I need to use graph or bot? Can I do this using only graphs or only bot?
It's possible to send a message using Graph API - see here for more: https://learn.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-1.0&tabs=http
HOWEVER, there are two ways to authenticate with Graph, either via an "application" permission (kind of like background service), or via "delegation", which means your app would work on behalf of a user. For this specific Graph endpoint, Microsoft mentions in the page that Application permissions are only allowed for "migration" (e.g. if you were building a tool to migrate from, say, slack to Teams). That means that you would have to use "delegation" which means the message would appear to come from a specific user.
As an example, instead of the message coming from "ABC Application", it would appear to come from "Syed Muhammad Ibrahim". If that's ok, then you can use Graph. If not, you would need to go the Bot route.

Is there any way to get user id/conversation reference to proactively message user on teams if installation event wasnt captured

Looking for the best course of action that would have the least impact on users to be able proactively message users with teams app (bot) installed but where they have not messaged the bot and the conversation reference was not captured at time of install.
The scenario is that have an enterprise bot that has been operational for over 3 years servicing 10s of thousands of employees. The bot is auto installed for all users in the tenant, but conversation references were only being stored in the last 2/3's of the applications life, and the install event was not being captured until recently. This was not an issue in past as all proactive functionality was predicated on some interaction with the bot.
I now have a need to be able proactively messages all users within tenant regardless of if they have messaged the bot or not, or if they last messaged the bot before conversation references were being stored. There are only a small subset of users the fall into this category.
Hoping some way to generate a conversation update, be it through graph or other means. The installationUpdate event through app update seemed promising as can update the application but seems only triggered if bot is added or removed
Review the information provided here: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/proactive-bots-and-messages/graph-proactive-bots-and-messages?tabs=dotnet
Here is what we do
If we have the conversation ID in our cache/persistent store, we use
it to send the message
If we dont have, we use GET
https://graph.microsoft.com/v1.0/users/{user-id}/teamwork/installedApps/{teamsAppInstallationId}/chat
to get the chatid (the app id here is not the bot application ID, but the ID generated when the app is installed in the org app store and is available from the Teams Admin interface)
If the user does not have our app installed, we
install the app using the teamsAppInstallationId ID. This automatically generates a event without user intervention that
is sent to the bot which you can then use to capture the conversation ID.
POST /users/{user-id | user-principal-name}/teamwork/installedApps
This approach does require an Application Permission: TeamsAppInstallation.ReadWriteSelfForUser.All
You might look into using the List Teams functionality in the Graph API. You can use Graph to get teams and list their members, assuming you can grant your bot the necessary permissions. There are many features in the Graph API which might help you accomplish this.
To send a proactive message to user the bot requires the conversation reference. The conversation can be only retrieved when bot installed.
Without conversation reference you cannot send a proactive message using bot.
You can use Send message in a chat API to send message to chat with delegated permissions.
Could you please raise a uservoice for your case

Posting to a teams channel from a logic app or flow which includes an banner alert / activity feed item

I have a logic app which posts a channel chat message to teams automatically when a new item is created in SharePoint. This I have working but our client requires that all the team members receive a banner alert and activity feed which I am having a lot of difficulty with.
What I've already tried...
Using a Incoming web hook on the teams channel - this was a very simple way to post from the logic app but the incoming webhook don't seem to support mentions.
Using the msft graph api - The /team/channel/message endpoint can post messages and user mentions but the this endpoint doesnt support channel or team mentions. It also appears that the graph API needs to use delegated permissions to post messages in teams. I'm using application permissions as this is a logic app. The logic app HTTP post connector doesnt offer the "connect as username#tenant.com" some of the other connectors use.
Using the flowbot post message - Like the above channel and team mentions are supported here so the post is added to the channel but with no notification to the team members
Using a notification only bot - I thought I nearly had it with this one. Microsoft's node bot sample number 57 looked like it can do most of what I want, it iterates through the users in the team and messages them this a customisable alert message...
https://github.com/microsoft/BotBuilder-Samples/tree/master/samples/javascript_nodejs/57.teams-conversation-bot
However I can't see how this bot can be triggered from my logic app as it seems to require an existing conversation context or an #mention from within teams to start communicating with users.
What I'm considering trying next
Iterating users within the logic app - Next I plan to try and get team membership from the graph API and iterate the members in the Logic App, posting a message to each user separately. I had hoped to utilise the group #mention feature as a simpler way so I'd be grateful if anyone had any thoughts on other ways of doing this, or maybe there's something wrong with what I've already tried that you could give me some expertise on.
Thanks in advance ;)
Andy
You're on the right track with the Bot, but you're wanting to send something called a "Pro-active" message. You need the bot registered in the channel in order to get access to a few key properties (conversation id, service url, etc.), but you can use those to send a message from -outside- your bot (e.g. in an Azure Function). You might be able to do this directly from a Logic App, but I haven't tested that specifically.
To find out more, see my answer at Programmatically sending a message to a bot in Microsoft Teams but I've also got a recent blog post that you might find interesting for background on this at How Bots Actually Work.
Hope that helps
You can use Graph to post a message in 1:1 chat as long as you have the chat it. You can find the answer in this post Send message to personal Chat via Graph API
You can also call Graph API from Logic Apps. (https://techcommunity.microsoft.com/t5/integrations-on-azure-blog/calling-graph-api-from-azure-logic-apps-using-delegated/ba-p/1997666#:~:text=Calling%20Graph%20API%20from%20Azure%20Logic%20Apps%20using,Manage%20-%3E%20Certificates%20%26%20secrets%20More%20items...%20)

Accessing and creating Teams Chats via Graph API

I'm going over the Microsoft Teams section of the Graph API and trying to find out how to do two things:
Create a new chat, giving it a topic that correlates to an entity in our app (essentially creating a chat around an entity), invite specific users into it, and send messages to the chat.
Access the currently logged-in user's private chats, filtered by their topic, and show their contents inside our app.
For #2, it looks like it should be possible using beta endpoint of the Graph API, but I get 403 Forbidden errors both in the Graph Explorer when trying to access https://graph.microsoft.com/beta/me/chats, and in my own app, after enabling the Chat.Read permissons for it.
For #1, it looks like the API doesn't officially support creating new chats at all.
Is there any approach we can use to create and manage chats? Is there an alternative, perhaps not MicrosoftGraph-based API?
as you mention, the ms graph doesn't yet support initiating group chat. You would use the MS Bot Framework for this: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/bots/bot-conversations/bots-conv-proactive
I see the docs on these Chat api do exist, but they are not present in the Graph Explorer. I tired testing them in the OfficeApiEditor tool with a v2.0 App Registration and Delegated permissions (Chat.Read) and i get this:
Failure - Status Code 500
"code": "InternalServerError",
"message": "Error while processing response.",
so maybe it will take some time before they are really available in beta.
In MS teams, there is a api called ChatMessage to post a message to a chat(only if the chat already exist or started). But, there is no api to create/start a new chat. I have raised a feature request. Do vote for this to suggest this idea to Microsoft.
https://microsoftteams.uservoice.com/forums/913786-microsoft-teams-free/suggestions/38776681-it-would-be-awesome-l-if-there-is-an-api-functiona

MS Graph API Teams: Application access to Channel Messages

I am looking at Teams Channel Create Chat Message method (currently only available in beta).
We have an application which manages groups of users and would like to integrate with MS Teams - create a Team, add Channels and send messages to the channel - all without a user. For this I have followed "Get access without a user".
However I notice that for this and other message level functions (list messages) Application permission is "Not Supported" and for our use case Delegated permissions is not really an option (similar to this).
Does anyone know why these are only available for Delegated Permission? is there a plan to enable this or is will this always not be "Not supported" for Application Access?
I appreciate that giving an Application full access to all messages may be something that Admins would not be keen on, but being able to post and retrieve messages from channels the application has created seems (to me) to be reasonable (perhaps the permissions model isn't that fine grained yet).
This is possibly an overlap of Unable to “List channel messages” on Azure AD Graph API Beta - the OPs answer contains an unanswered similar question.
We aren't currently sharing road map externally of when these types of things are being updated.
What we do ask is that you request these on our UserVoice channel so that we can track the demand and prioritize accordingly. If you can go here and add this request I'd appreciate this and I'll let the PM who owns this know https://developer.microsoft.com/en-us/graph/support

Resources