I currently have an app registration in Azure portal. This app has a client secret set up on it and a number of API Permissions as well. These are permissions for the Microsoft Graph and are delegated as well. This is what it looks like,
Now I have also set up an App role for meetings as well, which looks like this,
With this context in mind, you can see I have added an application permission from the "My APIs" section, which points to my app registration and the permission for "OnlineMeetings.ReadWrite.All". My objective is to obtain an access token in order for my client app to create a meeting whilst running the following POST,
POST /users/{userId}/onlineMeetings/createOrGet
My question is to try and gain an understanding of what the authorization scope should be and the grant type as well when trying to obtain an access token. I have tried setting the authorization scope to be "offline_access https://graph.microsoft.com/.default" and the grant type to be "client_credentials" but to no avail. I want my client app to be able to create a meeting on behalf of any user from my tenant without the need for user consent or any application access policies being needed to be set up in PowerShell. Is this possible to do?
Instead of setting up a new App role, you need to add the existing Microsoft Graph permission named OnlineMeetings.ReadWrite.All of Application type and grant consent to it.
I registered one Azure AD application and granted API permission as below:
Note that you need to create an application access policy and grant it access to Global to authorize the app configured in the policy to create online meetings on behalf of any user.
I used the below PowerShell commands to install the MicrosoftTeams module and create the application access policy:
Install-Module -Name MicrosoftTeams -Force -AllowClobber
Import-Module MicrosoftTeams
Connect-MicrosoftTeams
New-CsApplicationAccessPolicy -Identity Sri-Test-policy -AppIds "xxxxxxxxxx" -Description "Allow access to Teams App"
Grant-CsApplicationAccessPolicy -PolicyName Sri-Test-policy -Global
Response:
Now, I generated access token using client credentials flow via Postman with below parameters:
POST https://login.microsoftonline.com/tenantID/oauth2/v2.0/token
grant_type:client_credentials
client_id: appID
client_secret: secret
scope: https://graph.microsoft.com/.default
Response:
When I used this token to make below POST request, online meeting created successfully like this:
POST https://graph.microsoft.com/v1.0/users/{userId}/onlineMeetings/createOrGet
Content-Type: application/json
{
  "startDateTime": "2023-07-29T14:30:34.2444915-07:00",
  "endDateTime": "2023-07-29T15:00:34.2464912-07:00",
  "subject": "Sri Demo Online Meeting",
  "externalId": "xxxxxxxxxx",
  "participants": {
    "attendees": [
      {
        "identity": {
          "user": {
            "id": "xxxxxxxxxxxxx"
          }
        },
        "upn": "demouser@xxxxxxx.onmicrosoft.com"
      }
    ]
  }
}
Response:
Reference: onlineMeeting: createOrGet - Microsoft Graph v1.0 | Microsoft
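Added example, not part of the original answer: a Python sketch that builds the token request from the answer and, as a debugging aid, decodes an access token's claims to confirm it is an app-only Microsoft Graph token carrying OnlineMeetings.ReadWrite.All in `roles`. The function names, the unsigned sample tokens, and the `api://constructed-app-id` audience and `Meetings.Create` role are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

# Microsoft Graph as a token audience: its URI or its well-known application ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
REQUIRED_ROLE = "OnlineMeetings.ReadWrite.All"

def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the client credentials request shown in the answer."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # One resource's /.default only; no offline_access, this flow has no user.
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, urlencode(form)

def decode_claims(access_token):
    """Decode the JWT payload WITHOUT verifying the signature (debugging only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def meeting_token_problems(claims):
    """List reasons the token is not an app-only Graph token usable for createOrGet."""
    problems = []
    if str(claims.get("aud", "")).rstrip("/") not in GRAPH_AUDIENCES:
        problems.append("aud is not Microsoft Graph")
    if "scp" in claims:  # delegated permissions appear in scp, application ones in roles
        problems.append("scp present: delegated token, not app-only")
    if REQUIRED_ROLE not in claims.get("roles", []):
        problems.append(f"roles lacks {REQUIRED_ROLE}")
    return problems

def _fake_token(claims):
    """Build an unsigned, constructed sample token so the demo runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed samples: a correct app-only token, and one issued for a custom app role.
GOOD = _fake_token({"aud": "https://graph.microsoft.com", "roles": [REQUIRED_ROLE]})
BAD = _fake_token({"aud": "api://constructed-app-id", "roles": ["Meetings.Create"]})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("bad", BAD)):
        print(name, meeting_token_problems(decode_claims(tok)))
```

An empty list means the token has the audience and application permission the answer relies on; the tenant-wide application access policy is enforced separately by Teams and is not visible in the token.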