MS Graph API Authentication | MS Teams | Bot framework - microsoft-graph-api

I am new to bot development. I am working on creating a MS Teams bot using bot framework. The bot will be installed in ‘Personal’ scope in Teams, and it doesn’t have any tab / messaging extension etc. Once installed, I want to get the list of all the members/ channels/ Notification updates (i.e. members added/deleted etc.). As per the different documentation, I can get the list using Graph API.
List members of team - Microsoft Graph v1.0 | Microsoft Docs
List members of a channel - Microsoft Graph v1.0 | Microsoft Docs
To achieve this, I need the token that will be passed in API. I am not sure how to implement that. I have followed the instructions mentioned in Add authentication to a bot in Bot Framework SDK - Bot Service | Microsoft Docs. There was a step to add ‘Add OAuth Connection Settings’ and there were multiple options in ‘Service Provider’. I selected ‘Azure Active Directory v2’. After doing that, it works and I can get the token, but it only works if during login, I user my azure directory credentials. I have a Microsoft account linked with my MS Teams which id different than the Azure account. A user in team can have a Microsoft account / work / office account so this needs to work for everyone so what would be the correct ‘Service Provider’ option that will work for all accounts?
I was thinking that the flow should be like:
When clicks on ‘Add’ button to install the app in Teams
Once added, bot will prompt for Graph API permission using OAuth.
Once user gives the permission, I can use the token to call graph APIs.
I have also looked at the following tutorials:
How to use Bot Framework Composer to build low-code Microsoft Teams bots (Part 1)
Get user profile information in your Microsoft Teams bot with Microsoft Graph (Part 2) - YouTube
But after performing all the steps, when I try to login, it says – ‘This action can't be performed since the app does not exist or has been uninstalled.’.
I am not getting a clear approach on how to proceed with it.

As #Maxim has also suggested, if you want to have a bot that should run multitenant you need to put tenant Id as common in OAuth Setting in Azure bot. As the value suggest it isn't going to specific to single tenant and Redirect Uri should be set to https://token.botframework.com/.auth/web/redirect in app registration.
This is it, you don't need to add anything.
This is also mention in the doc --
We have some sample around it as well that shows how to use Graph API with the bot -
https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/csharp_dotnetcore/24.bot-authentication-msgraph
You can setup this one and update the Graph calls to get member of team or channels.

Related

Does Graph API support POSTing a Bot app feature to Microsoft Teams?

I am trying to use Graph API to automate the process of creating a Microsoft Teams app with a Bot app feature.
I found this Graph API endpoint called publish teamsapp which allows me to POST a Teams app package and instantiate a Teams app. Below, the "Appr 4 - MS Teams Test" app was created by uploading an app package to the aforementioned endpoint.
App published through Graph API
However, in order to complete this automation, I need to create a Bot app feature under "Configure > App features" of my Teams app.
My problem is that the publish teamsapp doesn't seem to support creating the Bot app feature. The app package' that you upload contains a manifest.json. The schema of this manifest only allows you to provide a Bot ID (presumably for an existing bot). You cannot specify the webhook URL for this bot and there do not appear to be any APIs to generate the bot's client secret.
App features
My question is, are there any Microsoft APIs that would allow me to create, read from, and write to bot app features? Ideally, I would like to be able to do the following:
Create the bot app feature
Retrieve the bot ID associated with the bot
Set the webhook URL of the bot
Create a client secret associated with the bot
Retrieve the client secret so I can store in my own database.
Is this step 1 to step a loop you would like to follow? I will consider Azure Logic APP to do the bot API call to create a bot - https://learn.microsoft.com/en-us/azure/logic-apps/quickstart-create-first-logic-app-workflow
Also, there is a forum actively monitoring by Teams-dev member you may want to check there as well - https://learn.microsoft.com/en-us/answers/questions/topics/single/58062.html

O365 - E5 Developer Program - Microsoft Graph query service not available

I am trying to set up the E5 program and start doing some integration with my app. One feature of my application is it should be able to upload files to a Teams channel in Teams. While I was able to grant permissions on the development account to create teams, channels and retrieve information. I could not figure out how to enable Microsoft Graph to query the drive.
For instance,
I am trying to call this API
https://graph.microsoft.com/v1.0/groups/{my group id}/drive
and, I always get the error "serviceNotAvailable".
I tried contacting Microsoft support and they said I have a developer account and they can't provide support to me, sad. Does anyone know if there are special permission I need to set up in azure portal or anywhere to enable the Drive APIs?

Are There Azure AD App Perms Available for Microsoft Teams REST API

I want to start doing some development with the preview edition of the Microsoft Teams APIs.
I currently have a solution working using the Azure AD v2 Endpoint but I wanted to get a working solution using the v1 Endpoint.
I can't find any Microsoft Teams permissions available in the Azure AD portal and I didn't see anything specifically about this in the Known Issues the Teams API.
Can anyone comment on whether there are any options for a pure v1 Endpoint solution using application registration available right now? If not, is it planned?
The v1 Endpoint uses the same permissions as the v2 Endpoint. The primary difference between the two is that v2 scopes can by dynamically requested during authentication while v1 Endpoint requires permissions to be pre-defined within the registration.
When using the Azure Portal, all of the permissions for Teams show up under "Microsoft Graph". For the Teams you'll generally need User.Read and Group.ReadWrite.All. The Azure Portal lists permissions by description (although you can see the underlying scope name in the tooltip):
Sign in and read user profile (user.read)
Read and write all groups (Group.ReadWrite.All)
Note that Group.ReadWrite.All does require Admin Consent. Before you can authenticate normal user's, you will first need to have an Administrator go through the Admin Consent process.
I'm posting this as the answer, because I'm pretty certain this will trip up other developers out there. Up to this point, when getting an access token for AAD v1 apps that use Microsoft Graph, you use "https://graph.windows.net" as the Resource ID. The interwebs are replete with this example, and I have it in my own code that I use for OneNote and other services.
Now with the Graph endpoint for connecting to Teams (and probably other things), the Resource ID you need to use is "https://graph.microsoft.com". Just ran through a quick test using an AAD v1 app with the Microsoft Graph API and Read All Groups permission. I'm sure there's an explanation out there from some MSFT person that might make sense, but I have not found it after many hours of searching the web.
Hope this helps someone.

Create slack channel using slack app

I have a private slack application (developed by user 'X' from team 'XT')
I have a web server knows how to complete the Oauth process and generate tokens per teams
Now- as a user Y from team YT I am installing the slack app on my YT team and get a token,
using that token I perform API call for channels.create ,
I got into my team (aka YT) and indeed I see that the channel was created ,
BUT
it's written that the channel was created by the specific user that installed the slack app, meaning user Y.
I would expect to see that channel was created by the application not by specific user.
Is there any way to do that ?
thought about using bot token (got from the app instllation) but channels.create cannot be performed by a bot
I am afraid there is no solution for your problem. Every "write" action on Slack has to be attached to either a bot or a user. And since channels.create can not be used by a bot, it has to be a user.
The master access token of your Slack app is linked to the user that installed it, which is why that user will appear as creator of the channel when you use it.
I use a generic admin user ("slackadmin") for that purpose on my own Slack, but that will of course not work as general solution for each Slack team that want to install your app from the Slack App Directory.

Office 365 Outlook Calendar : How to access multiple user's calendar in a single ASP.NET MVC application?

We are trying to implement a calendar portal (C# ASP.NET MVC) where one admin can see multiple outlook(or office 365) users calendar and see who is available. So multiple accounts should be accessed from one ASP.NET MVC application.
First question : Is it even possible? (may be because I had already seen post on stackoverflow : EWS - Access All Shared Calendars )
Second question : What would be the right approach?
Third question : Is there any project available from Microsoft or article? (I could find any good one)
I have had gone through Using Azure Multi-Tenant application without an Office 365 subscription to access users calendar information and https://www.youtube.com/watch?v=0kvDyl5HShA.
I have had also get connected with a single user's account via OAuth2. It was successful.
Currently, we have this subscription. If any more information required then please comment. Then I will add more description as per necessary.
Thank you.
You could try to build Daemon or Service Apps using client credential grant flow as described in this blog, the service app that requires admin consent, but is authorized to access any user's mailbox/calendar information in your Office 365 tenant. You could click here for sample web app that uses client credential flow to access Users, Mail, Calendar, Contacts in Office 365 via Rest APIs .
This link you provided needs to associate your Office 365 account with Azure AD to create and manage apps .If you can have an existing Microsoft Azure subscription, you can associate your Office 365 for business subscription with it. .Otherwise, you'll need to create a new Azure subscription and associate it with your Office 365 account in order to register and manage apps. For more details ,please read how to set up your Office 365 development environment.

Resources