0

I want to send messages to a team's channel. So far, I've been able to create teams, create users among various other operations successfully, the token I generated works just fine. Sending messages to a channel however only works with delegated permissions and the request to send a message fails with error code 401.

login.microsoftonline.com/tenant_id/oauth2/v2.0/token is the end point I'm using the default scope i.e. graph.microsoft.com/.default which informs the Microsoft Identity platform of Application Permissions of the App only, how do I modify the POST request to generate a token to honor delegated permissions for the App and send messages to the channel ?

In other words, I would like to know how to generate a token when making use of a Graph API that only supports delegated permissions ?

Carl Zhao
  • 8,543
  • 2
  • 11
  • 19
Dhiwakar Ravikumar
  • 1,983
  • 2
  • 21
  • 36
  • Please check the [documentation](https://learn.microsoft.com/en-us/graph/api/chat-post-message?view=graph-rest-beta&tabs=http). At this point, you can send messages to a team channel using Delegated permissions only. So you need to make sure your AAD is designed in a way which supports it. Application permission won't work as its not supported, check the above documentation. – Dev Jan 07 '21 at 08:21
  • does it helped? – Dev Jan 08 '21 at 04:24
  • @Dhiwakar : carl and dev have given accurate answers to this question. Please let us know if you still face issues. – Manish-MSFT Jan 11 '21 at 05:47
  • @Manish-MSFT, thank you so much for the assistance. I got it to work after taking a close look at the auth code flow and implementing it correctly, it's working now. – Dhiwakar Ravikumar Jan 11 '21 at 17:01

1 Answers1

2

What @Dev said in the comments is correct, you can send messages to a team channel using delegated permissions only. So, you must grant delegated permissions to the application, and then grant admin consent for that permission.

As for the 401 error you received, I think you may have used the wrong authentication flow. When you use delegated permissions to obtain a token, you should use the auth code flow, which requires you to log in to the user to obtain the authorization code, and then use the authorization code is redeemed for the access token.

Carl Zhao
  • 8,543
  • 2
  • 11
  • 19
  • How to get a delegated token without using the login form. In my case I need to save files to one drive account I have created for my application. So users don't have to log in. the app itself logins and upload files to OneDrive. My application a SPA (Angular) – Lenzman Apr 19 '21 at 13:40
  • 1
    @JeffinJ Hello, I cannot answer your question in the comments because of the word limit. Can you post a question and link me to your question? – Carl Zhao Apr 20 '21 at 01:48
  • This is the link to my post. It has an active bounty on it that expires today. [How to get the Access Token for OneDrive API from Angular](https://stackoverflow.com/q/66954353/11152084) – Lenzman Apr 20 '21 at 04:44
  • @JeffinJ Okay, we will communicate in your post. – Carl Zhao Apr 20 '21 at 06:11