Using the Microsoft Team Beta API, provisioning Teams - microsoft-graph-api

I have been trying to use the Graph API, beta version, and am able to create an office 365 group , but so far no luck with adding a Microsoft Team to the group.
When i use the beta API i will get a code InvalidRequest, "Calling this API using MSGraph Application Permissions is not supported."
The request i am sending is a PUT with "https://graph.microsoft.com/beta/groups/{id}/team" with id the group id. Also i am sure the bearer token is ok, since other requests such as creating an office 365 group work fine.
Setting delegated permissions in Azure app registration or granting permissions didnt seem to work. Is this a beta issue for now or is there something else i should be looking for?
See the below error as example :
{
"error": {
"code": "InvalidRequest",
"message": "Calling this API using MSGraph Application Permissions is
not supported.",
"innerError": {
"request-id": "c4c28d6c-e7f2-4817-bdc7-c5985de61c92",
"date": "2018-06-19T19:18:22"
}
}
}
Regards,
Jos Eilers

App-only permissions are not currently supported. It only works with delegated permissions and that too for work or school accounts. Wont work with Personal MS account
At my end, I am making a PUT request to the /beta/groups/<group id>/team endpoint with the below mentioned payload and it works:
{
"memberSettings": {
"allowCreateUpdateChannels": true
},
"messagingSettings": {
"allowUserEditMessages": true,
"allowUserDeleteMessages": true
},
"funSettings": {
"allowGiphy": true,
"giphyContentRating": "strict"
}
}
reference - Create team - Beta documentation

Related

Microsoft Graph API Errors for ServiceNow

I am integrating ServiceNow with Teams specifically to push notifications to users and channels using microsoft graph api.
Issue #1 -
I have configured an OAuth profile for azure app to utilize microsoft graph API, setup required API permissions and calling various chat related API functions. For 'Create Chat' request I am getting below error:
responseBody: {
"error": {
**"code": "UnknownError",**
"message": "",
"innerError": {
"date": "2021-01-29T09:20:53",
"request-id": "90a99bf5-048f-445b-b58c-ee46fc30edf3",
"client-request-id": "90a99bf5-048f-445b-b58c-ee46fc30edf3"
}
}
}
API call -
var restMessage = new sn_ws.RESTMessageV2();
restMessage.setHttpMethod("POST");
restMessage.setEndpoint("https://graph.microsoft.com/beta/chats");
restMessage.setRequestHeader('Content-Type', 'application/json');
restMessage.setRequestHeader('Authorization', 'Bearer ' + retrieveToken()); //retrieveToken() function creates access token.
restMessage.setAuthenticationProfile('oauth', 'a5325df007022010f60df7fc7c1ed0a2');
restMessage.setRequestBody(global.JSON.stringify(
{"chatType": "oneOnOne","members":
[
{
"#odata.type": "#microsoft.graph.aadUserConversationMember",
"roles": ["owner"],
"user#odata.bind": "https://graph.microsoft.com/beta/users('<userID>')"
},
{
"#odata.type": "#microsoft.graph.aadUserConversationMember",
"roles": ["owner"],
"user#odata.bind": "https://graph.microsoft.com/beta/users('<userID>')"
}
]
}
));
var response = restMessage.executeAsync();
var responseBody = response.getBody();
gs.info('responseBody: '+responseBody);
Most of the suggestions are to set appropriate API permissions. This is already set correctly on Azure (both delegated and apppication permissions) and in OAuth entity scope in servicenow.
Issue #2 -
For the same setup instead of usign scripted API, I defined REST Message record and trying to get the token by clicking 'Get OAuth Token' related link and getting following error:
https://dev72030.service-now.com/oauth_redirect.do?error=invalid_client&error_description=AADSTS650053%3a+The+application+%27msgraph-client-app%27+asked+for+scope+%27**Chat.Read.All%27+that+doesn%27t+exist+on+the+resource**+%2700000003-0000-0000-c000-000000000000%27.+Contact+the+app+vendor.%0d%0aTrace+ID%3a+b0b9ff39-fd1a-49c9-85fa-3c8c71943600%0d%0aCorrelation+ID%3a+9c276922-3a77-4cc1-890b-23177ffd1845%0d%0aTimestamp%3a+2021-01-29+10%3a31%3a27Z&state=-1877865371#
This say I need to set 'Chat.Read.All' API permission. This is already provided on both sides, Azure app and OAUth profile in SNOW.
What am I missing
Could you please check this docs? For second issue: Could you please check the permissions on src by going through the jwt.io

Microsoft Graph Education API Method not allowed

When i try to create class at Graph explorer "https://graph.microsoft.com/v1.0/education/classes" with following request.
{
"description": "Class 9th Frist batch",
"classCode": "9th-A",
"displayName": "9th Class",
"externalId": "11019",
"externalName": "9th Class",
"externalSource": "sis",
"mailNickname": "fineartschool.net"
}
Response:
{
"error": {
"code": "MethodNotAllowed",
"message": "Method not allowed.",
"innerError": {
"request-id": "7daf0b9c-165a-4c18-a2b9-b90a59d00cc6",
"date": "2020-05-19T13:26:06"
}
}
}
I am able to list and create Calender's and events but i am not allowed to create or list classes.
Can anybody guide me what's the issue with my account? Why i am getting above response. How can i use education API?
The issue here is that Graph Explorer uses Delegated scopes but the Create educationClass endpoint only accepts Application scopes:
Delegated (work or school account): Not supported.
Delegated (personal Microsoft account): Not supported.
Application: EduRoster.ReadWrite.All
Since Delegated scopes are not supported, you won't be able to use Graph Explore to create a Class. You will need to use your own code/app to request the EduRoster.ReadWrite.All scope and use the Client Credentials OAuth Grant to obtain your token.

List events API call on Microsoft Graph Java SDK doesn't work for #outlook.com domain

When I tried the following GET request using Microsoft Graph explorer:
https://graph.microsoft.com/beta//me/calendars/joseph.baker.doodle#outlook.com/calendarView?startDateTime=2019-10-24T07:40:43.133Z
I got this response:
{
"error": {
"code": "ErrorInvalidIdMalformed",
"message": "Id is malformed.",
"innerError": {
"request-id": "7ffa9b3c-b5bf-4171-b5ad-242dd831b629",
"date": "2019-11-21T06:30:12"
}
}
}
When I try it with user's calendar ID:
https://graph.microsoft.com/beta//me/calendars/AQMkADAwATM3ZmYAZS0yNDI1LTEwMmMtMDACLTAwCgBGAAADWt9re56XX0ay-rq-yg7yKwcA94f8IFhbyEuRrCHknQvqSwAAAgEGAAAA94f8IFhbyEuRrCHknQvqSwAAADW523EAAAA=/calendarView?startDateTime=2019-10-24T07:40:43.133Z&endDateTime=2019-10-31T07:40:43.133Z
Also for an account with #onmicrosoft.com:
https://graph.microsoft.com/beta//me/calendars/joseph.baker.doodle#onmicrosoft.com/calendarView?startDateTime=2019-10-24T07:40:43.133Z
It works as expected.
Can somebody help me with this? Is the issue domain-related?
Calendars are always referenced by id instead of name. Also, since Outlook.com is a single-user platform, it simply isn't possible to reference another user's resources.
I'm frankly surprised /me/calendars/joseph.baker.doodle#onmicrosoft.com/ since this is not a supported/documented address scheme.

Office API getAccessTokenAsync result yields InvalidAuthenticationToken response from Graph

i have been trying to tackle this issues for a while now, i am workin on an Office-js addin for Outlook and is trying to access Microsoft Graph data through my addin.
But i have been unable to authenticate the token i recieve from getAccessTokenAsync.
If i attempt to use the authenticator from Office-JS-Helpers i can get access, but i would prefer to use the built in function of the addin for it.
the code i am trying to use is this:
Office.initialize = () => {
var options = { forceAddAccount: true, forceConsent: true } as Office.AuthOptions;
Office.context.auth.getAccessTokenAsync(options, getAccessTokenAsyncCallback);
}
function getAccessTokenAsyncCallback(accessTokenResponse) {
console.log(accessTokenResponse.value)
client = MicrosoftGraph.Client.init({
authProvider: (done) => {
done(null, accessTokenResponse.value);
},
debugLogging: false
})
client.api("/me")
.get((err, res, rawResponse) => {
console.log(err)
console.log("rawResponse")
console.log(rawResponse)
})
}
and my WebApplicationInfo in my manifest is:
<WebApplicationInfo>
<Id>{AppUID}</Id>
<Resource>api://localhost:3000/{AppUID}</Resource>
<Scopes>
<Scope>profile</Scope>
<Scope>user.read</Scope>
</Scopes>
</WebApplicationInfo>
</VersionOverrides>
and the rights has been set up in my app on the Application Registration Portal.
as far as i can see when validating/decoding the JSON Web Token i recieve from getAccessTokenAsync, it should be valid.
but whenever i try to connect using this token i get this response:
{
"statusCode": 401,
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"requestId": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
"date": "2018-08-30T05:37:43.000Z",
"body": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
"date": "2018-08-30T07:37:43"
}
}
}
i simply can't figure out what the issue is here, am i wrong in that the token returned from getAccessTokenAsync is the one i need for this?
oh yes and i am running up against an Office365 environment with Outlook 2016 version 1807 build 10325.20118 click to run
The token that is returned by getAccessTokenAsync, called the bootstrap token, does NOT give your add-in access to MS Graph directly. Instead it gives the Office host application, Outlook in this case, access to your add-in's web application. Your add-in's web application then uses that token to get an access token to Microsoft Graph. It does this by using the "on behalf of" OAuth flow. Please see the extensive documentation at this node: SSO in Office Add-ins and, for Outlook-specific guidance, also see Authenicate a user in an Outlook Add-in with an SSO token.

Get Tasks lists from Microsoft beta Graph API

I cannot GET data about the tasks when I use a personal account to login.
GET https://graph.microsoft.com/beta/me/outlook/tasks
When I use my company account to login the REST request works fine,
but when I use personal accounts ( ...#outlook.com, ...#hotmail.com, ...#live.com )the request return the error response:
{
"error": {
"code": "RequestBroker-ParseUri",
"message": "Resource not found for the segment 'Outlook'.",
"innerError": {
"request-id": "d7a97e67-358a-41fa-b70b-81a2096cb4cb",
"date": "2018-01-08T13:30:39"
}
}
}
Any suggestions?
The beta release of Graph's Outlook Tasks API doesn't support Personal/Outlook.com accounts at the moment. It is planned but there isn't an ETA available just yet.
Try: GET https://graph.microsoft.com/beta/me/planner/tasks
I'm not certain, but I think that may be what you're looking for

Resources