I am able to read channel messages as long as I am a member of a particular channel but I am unable to read channel messages in which I am not a member but I am a global administrator with following delegated permissions.Can anybody help?
ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All
When I am trying to execute I am getting the following response
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2020-09-10T04:37:36",
"request-id": "727d898d-ee3e-484d-b2b6-46582834ca9c",
"client-request-id": "727d898d-ee3e-484d-b2b6-46582834ca9c"
}
}
}
You'll need to use Application rather than Delegated permissions for this. When you're using Delegated permissions, you can only access Channels you are a member of (i.e. the same Channels you see in the Teams app).
Note that these are Protected APIs, so you'll need to request access before you can use them (above and beyond the normal Admin Consent flow).
Related
I followed this document https://learn.microsoft.com/en-us/graph/api/oauth2permissiongrant-post?view=graph-rest-1.0&tabs=http
I can successful request the list api after add permission "
Directory.Read.All" to the application, while the create api returns an error
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2021-11-15T08:54:50",
"request-id": "46986851-590c-4687-b909-918e9d233f07",
"client-request-id": "46986851-590c-4687-b909-918e9d233f07"
}
}
is there any other permission required or some additional operations needed?
This is expected as the Create requests requires Directory.ReadWrite.All. You app seems to have only Directory.Read.All which is not enough for doing objects writes.
Trying adding Directory.ReadWrite.All to your app and trying again. Make sure it is granted by admin on Azure AD portal.
The GetChat API (https://graph.microsoft.com/v1.0/chats/{chatid}) from Microsoft Graph returns error 403 (Forbidden) for some chats when using application permissions. The application being used has Chat.Read.All permissions with admin consent granted. Also, the same application returns success for other chats.
Following are errors for couple of requests to get chat, that were tried using Postman:
1:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-10-18T13:16:26",
"request-id": "79c2ca6f-5b85-44ed-a3da-ef3607630a41",
"client-request-id": "79c2ca6f-5b85-44ed-a3da-ef3607630a41"
}
}
}
2:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-10-18T13:18:37",
"request-id": "5cfd4f22-8c25-4ecf-aa88-0c0c3df560d4",
"client-request-id": "5cfd4f22-8c25-4ecf-aa88-0c0c3df560d4"
}
}
}
You could try couple of things here -
Try the same API call in Graph explorer and observe if you still see this error. This will help in identifying if there is any issue with the token that you have generated.
You may have changed your API permissions after giving your application admin consent. When you give admin consent, Azure AD will take a "snapshot" of the permissions at the time of consent. Then if you change the permissions later, you will need to re-do the admin consent process again.
Personal accounts are not supported. Refer permissions here.
I'm trying to get the chat messages from MS team channel using API.
https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages
It works in graph explorer and returns the list of all chat messages. But when I hit the same API within Postman it return the following error:
I have consented all the required permission in azure app. What else am I missing here. Has anyone faced similar issues?
Please let me know.
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2021-04-20T04:01:46",
"request-id": "e32d3a2e-001c-4478-8c9c-8d5ff0c5e125",
"client-request-id": "e32d3a2e-001c-4478-8c9c-8d5ff0c5e125"
}
}
}
list channel messages is under protected API in MS teams. Before calling this API with application permissions, you must request access. To get the access you have to apply request access form
I am trying to send a message or reply to a message using Graph APIs for MS Teams. I have the correct permissions set and also have access to Protected APIs (if thats a concern).
The APIs I use to send messages are for both channel and 1:1 chat message.
POST URL Request:
https://graph.microsoft.com/beta/chats/{chat-id}/messages/{message-id}/replies
https://graph.microsoft.com/beta/chats/{chat-id}/messages/
https://graph.microsoft.com/beta/users/{user-id}/chats/{chat-id}/messages/
https://graph.microsoft.com/beta/teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies
https://graph.microsoft.com/beta/teams/{team-id}/channels/{channel-id}/messages
Permissions set are ChannelMessage.Send, Group.ReadWrite.All, ChatMessage.Send for both delegated and application level.
I use a 2-step process to authorize the client /authorize and then /adminconsent.
When trying to post message I always get "UnknownError" and empty message with 401 status code.
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2020-07-10T04:58:06",
"request-id": "ff58128b-585b-4242-99c4-011c8e537d94"
}
}
}
Is this some issue with my app or from MS graph side?
Issue was with the access token. Using app-only permissions to send message is not supported.
Ref: https://github.com/microsoftgraph/microsoft-graph-docs/issues/8998
When trying to get messages as Admin (with Group.Read.All scope) I am getting following error:
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"request-id": "fc234750-dd35-4748-a1b3-baf4a7c5267c",
"date": "2018-11-14T09:16:55"
}
}
}
Getting teams and channels works.
I tried the same using my user (not an admin, just regular user that created the conversation) in graph explorer and everything works ok.
Is this a bug or a feature (only user giving his permission explicitly allows the app to read conversations) ?
Are you a member of the team? Admins don't get special privileges when working with messages – in order to read a message, they have to be a member of the team like anyone else.