1

Can someone provide the procedure to add a MS Team tab containing a Planner plan?

This post is telling that the account that is creating the tab should be a member of the Team. Fine. I did add it and still, the plan tab creation isn't working.

You can find a snippet of my code bellow:

$graphAPIUrl = "https://graph.microsoft.com/v1.0"
$teamID = "TeamID-value"
$securedPassword = convertto-securestring -String $password -AsPlainText -Force
$creds = new-object -typename System.Management.Automation.PSCredential -argumentlist $login, $securedPassword 
Connect-AzureAD -Credential $creds
Connect-PnPOnline -ClientId $GraphAppId -ClientSecret $GraphAppSecret -AADDomain $AADDomain
$token = Get-PnPGraphAccessToken    

# Adding the plan into the team
$createPlanUri = "$($graphAPIUrl)/planner/plans"
$body = @{ 
    "owner"= $teamID; 
    "title"= "Planner" 
}
$headers = @{
    "Authorization" = "Bearer $token"
}
$formatedBody = ConvertTo-Json -InputObject $body
$createPlanResponse = Invoke-RestMethod -Method Post -Uri $createPlanUri -Headers $headers -Body $formatedBody -ContentType "application/json"

Error message :

Invoke-RestMethod : {
"error": {
"code": "UnknownError",
"message": "\r\n\r\n\r\n\r\n401 - Unauthorized: Access is denied due to     invalid credentials.\r\n\r\n\r\n\r\n\r\n\r\nServer Error\r\n\r\n \r\n  401 -     Unauthorized: Access is denied due to invalid credentials.\r\n  You do not have
permission to view this directory or page using the credentials that you     supplied.\r\n \r\n\r\n\r\n\r\n",
"innerError": {
  "date": "2020-09-16T13:29:50",
  "request-id": "c2ccdd4f-9659-4c14-8575-6ea998a2392e",
  "client-request-id": "c2ccdd4f-9659-4c14-8575-6ea998a2392e"
}
}
}

I dont need to specify that my credential are not wrong. I'm using them to do plenty of other thing as Team creation, OneNote nootebook creation and they are pefectly corrects.

What am I doing wrong ?

ameliapond
  • 218
  • 4
  • 18
  • 1
    It looks like you are using App only token to create a planner plan, and this is not supported according to the [permissions(Application Permissions are not supported)](https://learn.microsoft.com/en-us/graph/api/planner-post-plans?view=graph-rest-1.0&tabs=http#permissions). Please use the user token by authenticating with a user and then make a call. – Shiva Keshav Varma Sep 16 '20 at 13:56
  • Please let me know if it resolved your issue. – Shiva Keshav Varma Sep 17 '20 at 06:51
  • As soon as I know how to apply your advice properly. If you can provide a snippet It would be perfect. – ameliapond Sep 17 '20 at 08:13
  • 1
    Please use the access token that comes from this code `$Url = "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token" $Body = @{ 'client_id' = 'appid' 'scope' = 'https://graph.microsoft.com/.default' 'client_secret' = 'secret' 'grant_type' = 'password' 'userName' = 'username' 'password' = 'password' } Invoke-RestMethod -Method 'Post' -Uri $url -Body $body`. Put appid,secret,tenantid, your username and password.This is an [ROPC flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc). – Shiva Keshav Varma Sep 17 '20 at 11:23
  • Please use this flow only for testing as this is not a recommended flow. Please check this [document](https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows) for other Authentication flows and use it.Hope this helps. – Shiva Keshav Varma Sep 17 '20 at 11:26
  • Thank you for replying @Shiva - -MSFT Identity. Now I receive the following error when I put the new token instead of mine. I put the result of the call in a variable called $response. I'm geting the token like so $response.access_token : Invoke-RestMethod : { "error": { "code": "InvalidAuthenticationToken", "message": "CompactToken parsing failed with error code: 80049217", "innerError": { "date": "2020-09-17T14:00:47", "request-id": "52e68ea7-48da-45ba-bd36-4ee89dbac174", "client-request-id": "52e68ea7-48da-45ba-bd36-4ee89dbac174" } } } – ameliapond Sep 17 '20 at 14:07
  • 1
    Please get the token and copy that access token properly and put it in the header where you are making the graph call. It worked for me. Some where you are not putting the access token in a correct way. – Shiva Keshav Varma Sep 17 '20 at 16:47
  • I'm getting the token but when I put it in the options of me header I receive the following error message >>> "You do not have the required permissions to access this item, or the item may not exist.", – ameliapond Sep 18 '20 at 09:47
  • Please check if you are doing it on the M365 Group or Team's Team group and use that groups id. – Shiva Keshav Varma Sep 18 '20 at 12:04
  • I'm doing ig on Team's Team group. – ameliapond Sep 18 '20 at 14:40
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/221697/discussion-between-shiva-msft-identity-and-ameliapond). – Shiva Keshav Varma Sep 18 '20 at 14:49
  • Is the issue resolved? – Shiva Keshav Varma Sep 30 '20 at 09:31
  • No it is not resolved. The link to the discussion is dead. Could it be caused by some quota limitation or account limitations ? – ameliapond Sep 30 '20 at 13:26
  • Not sure. What issue are you facing now? – Shiva Keshav Varma Oct 01 '20 at 10:39

0 Answers0