Permissions required for sending messages through ms teams bot - microsoft-graph-api

I want to build a Microsoft teams messaging bot for sending/receiving messages. For my app, I noticed that I had to add application level API permissions for chat read/write scopes and get them approved in order to send bot messages to users.
However, I noticed that installing an app from the Microsoft teams app store (like Stack overflow for teams) worked right out of the box. It didn't require any additional approvals, etc. for their bot to send me a message.
My question is:
What permissions are required/bundled in that can allow bot to send user a message after user installs/adds app?

Related

Is there any way to get user id/conversation reference to proactively message user on teams if installation event wasnt captured

Looking for the best course of action that would have the least impact on users to be able proactively message users with teams app (bot) installed but where they have not messaged the bot and the conversation reference was not captured at time of install.
The scenario is that have an enterprise bot that has been operational for over 3 years servicing 10s of thousands of employees. The bot is auto installed for all users in the tenant, but conversation references were only being stored in the last 2/3's of the applications life, and the install event was not being captured until recently. This was not an issue in past as all proactive functionality was predicated on some interaction with the bot.
I now have a need to be able proactively messages all users within tenant regardless of if they have messaged the bot or not, or if they last messaged the bot before conversation references were being stored. There are only a small subset of users the fall into this category.
Hoping some way to generate a conversation update, be it through graph or other means. The installationUpdate event through app update seemed promising as can update the application but seems only triggered if bot is added or removed
Review the information provided here: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/proactive-bots-and-messages/graph-proactive-bots-and-messages?tabs=dotnet
Here is what we do
If we have the conversation ID in our cache/persistent store, we use
it to send the message
If we dont have, we use GET
https://graph.microsoft.com/v1.0/users/{user-id}/teamwork/installedApps/{teamsAppInstallationId}/chat
to get the chatid (the app id here is not the bot application ID, but the ID generated when the app is installed in the org app store and is available from the Teams Admin interface)
If the user does not have our app installed, we
install the app using the teamsAppInstallationId ID. This automatically generates a event without user intervention that
is sent to the bot which you can then use to capture the conversation ID.
POST /users/{user-id | user-principal-name}/teamwork/installedApps
This approach does require an Application Permission: TeamsAppInstallation.ReadWriteSelfForUser.All
You might look into using the List Teams functionality in the Graph API. You can use Graph to get teams and list their members, assuming you can grant your bot the necessary permissions. There are many features in the Graph API which might help you accomplish this.
To send a proactive message to user the bot requires the conversation reference. The conversation can be only retrieved when bot installed.
Without conversation reference you cannot send a proactive message using bot.
You can use Send message in a chat API to send message to chat with delegated permissions.
Could you please raise a uservoice for your case

MS Teams - Sending Messages to Users from External App

The organization that I work for previously used Slack as our collaboration tool. With Slack, I was able to register an app in the workspace and use the provided access tokens to invoke the API to send a message to a user from our external web application. It was very straightforward. There was no intermediate app that needed to be coded to enable this messaging.
Recently, we've transitioned from Slack to MS Teams, and in looking over the Graph API documentation, there does not currently appear to be a way to proactively send a message from an external application to a user. The available permissions for the chatMessage endpoint indicate the availability of only a delegated permission to send a message on behalf of a specific user; no permission exists to send a message on behalf of an external application.
Is it possible to use the Graph API to directly send a message from an external application to a user? Or must a bot application be created in order to achieve this?
It must be a bot application to achieve above mentioned requirement. ChatMessage endpoint works to send a message on behalf of user only.

Microsoft Graph - Send message on MS teams on behalf of a user

Is there a way to send a message on behalf of a user either in private chat or channel. In my case, the admin gives both application and delegated permission for the app. When the admin is part of the chat/channel, the messages are delivered correctly using MS Graph API but when the chat happens between 2 other signed-in users where the admin is not involved, I am not able to send the message as any of the user. I get UnknownError/Unauthorized since the token which is generated is related to admin user.
If we cannot send a message on behalf of a user using MS Graph is there any other way to achieve this. Can MS Bot take care of this scenario? Will each user have to install the bot so that it can send the message even if the Bot is not part of the conversation?
If we cannot send a message on behalf of a user using MS Graph is
there any other way to achieve this.
You can send chat message using Graph APIs. To send message on behalf of a user, your app must get consent from each individual users. Application permission is currently not supported.
Will each user have to install the bot so that it can send the message
even if the Bot is not part of the conversation?
It's a good idea to build Bot and send notifications instead of sending it from one of the user's account. You can use Proactive message to send message. In order to send message, your Bot needs to be installed for each user.
Could you please elaborate more on scenario? Are you looking for something similar to Company Communicator?

Create slack channel using slack app

I have a private slack application (developed by user 'X' from team 'XT')
I have a web server knows how to complete the Oauth process and generate tokens per teams
Now- as a user Y from team YT I am installing the slack app on my YT team and get a token,
using that token I perform API call for channels.create ,
I got into my team (aka YT) and indeed I see that the channel was created ,
BUT
it's written that the channel was created by the specific user that installed the slack app, meaning user Y.
I would expect to see that channel was created by the application not by specific user.
Is there any way to do that ?
thought about using bot token (got from the app instllation) but channels.create cannot be performed by a bot
I am afraid there is no solution for your problem. Every "write" action on Slack has to be attached to either a bot or a user. And since channels.create can not be used by a bot, it has to be a user.
The master access token of your Slack app is linked to the user that installed it, which is why that user will appear as creator of the channel when you use it.
I use a generic admin user ("slackadmin") for that purpose on my own Slack, but that will of course not work as general solution for each Slack team that want to install your app from the Slack App Directory.

What OAuth Scopes are required for a listen & reply Slack Bot using the Slack Events API?

I am trying to make a bot that will listen to all public & private channels, and IMs for a team, and will reply when it sees certain trigger words. This will be a "Slack App", installable to your team using the "Add to Slack" button, and includes a "Bot User".
I have asked for the "bot" OAuth scope, and subscribed to the "message.channels,message.groups and message.im" Team Events (at https://api.slack.com/apps/myAppId/event-subscriptions) but do not appear to receive event POSTs through the Events API when new messages are sent.
Adding the "channels:history,groups:history,im:history" scopes makes the bot receive these event POSTs, but I believe only for the user that added the bot, so it will not watch groups that the adding-user was not a member of, or IMs between 2 other users. This means that behaviour will be different, depending on which user installed my bot.
Is there a way of installing the app/bot for an entire team? The documentation seems to indicate that a 'bot' scope should have the ability to receive events, but I am not seeing this (I require the channels:history scope etc. above).
bot - request this scope when your Slack app includes bot user functionality. Unlike incoming-webhook and commands, the bot scope grants your bot user access to a subset of Web API methods, the RTM API, and certain event types in the Events API.
(from https://api.slack.com/docs/oauth-scopes)
The page on bots also claims that a bot can receive all messages through the RTM API:
This websocket will send you all of the messages and activity that happen in public and private channels that the bot user is invited to, as well as messages that are sent to it via direct message. A bot user opens this websocket with the RTM API by sending an authenticated call to the rtm.start API method. To learn more about connecting to the RTM API, read the documentation here.
(from https://api.slack.com/bot-users)
Is this same behaviour possible in the events API without needing to use the RTM API or add those additional scopes mentioned above?
I see from your comment that you have understood that the bot scope (and the channels.message Events subscription) allows your bot to receive from channels it is present in.
You have two options
1) you ask for channel.write scope in addition to bot, and you invite the bot in all channels (using the user token, not the bot token)
2) you work on your onboarding and figure out a way to get your "champion", ie the user who installed your app, to invite your bot in relevant channel.
Keep in mind that solution 1) is usually seen as very intrusive, especially in large teams where most people haven't heard of your app nor taken the decision to install it. But it can be suitable for some very specific use cases. Option 2) is the recommended route, but it is hard :-) Good luck!

Resources