Issue in sending personal message in MS Teams with Graph API
I registered my application in Azure AD website and collected the tenant ID, client ID, and client secret. I was able to generate the access token and chat ID for personal messaging which is requested in the below format
{
"chatType": "oneOnOne",
"members": [
{
"@odata.type": "#microsoft.graph.aadUserConversationMember",
"roles": [
"owner"
],
"user@odata.bind": "https://graph.microsoft.com/v1.0/users('{your-user-id}')"
},
{
"@odata.type": "#microsoft.graph.aadUserConversationMember",
"roles": [
"owner"
],
"user@odata.bind": "https://graph.microsoft.com/v1.0/users('{user-id}')"
}
]
}
I was able to generate chat ID for the mail. However when I tried the below end point
https://graph.microsoft.com/v1.0/chats/%7Bchat_id%7D/messages
for sending the message I am getting an error as below
{
"error": {
"code": "Unauthorized",
"message": "Message POST is allowed in application-only context only for import purposes. Refer to https://docs.microsoft.com/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams for more details.",
"innerError": {
"date": "2024-06-10T05:06:10",
"request-id": "4b1bf353-d1c0-4852-afcc-0c508d76d6d3",
"client-request-id": "4b1bf353-d1c0-4852-afcc-0c508d76d6d3"
}
}
}
Why am I getting this error?
I am expecting the token generated from application registration credentials to send personal messages in teams. However I am facing this issue. Now I am able to generate chat ID with any two user mail IDs in my organization. But I am blocked from sending personal Teams messages.
As mentioned in the MS Doc, sending messages with application permission are only supported for migration. So, it's not possible to send teams message with Application permissions.
Initially, I too got same error when I tried to send message with token generated with client credentials flow:
POST https://graph.microsoft.com/v1.0/chats/chatID/messages
Content-type: application/json
{
"body": {
"content": "Hello world"
}
}
Response:
To resolve the error, switch to delegated flows like authorization code flow for generating access token.
In my case, I added ChatMessage.Send permission of Delegated type in my application like this:
Now, I ran below authorization request in browser that gives code value in address bar after successful authentication:
https://login.microsoftonline.com/tenantId/oauth2/v2.0/authorize
?client_id=appId
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=ChatMessage.Send
&state=12345
You can use this code value to get access token using authorization code flow via Postman with below parameters:
POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
grant_type:authorization_code
client_id:appId
client_secret:secret
scope:ChatMessage.Send
code:code
redirect_uri:https://jwt.ms
Response:
When I used this token to send message in chat, I got the response successfully like this:
POST https://graph.microsoft.com/v1.0/chats/chatID/messages
Content-type: application/json
{
"body": {
"content": "Hello world"
}
}
Response:
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Azure VM metadata missing / emtpy publicIpAddress
- Python: List containers in the Azure Data Lake Storage
- azure blob storage account - log file is not generated as per setup
- SAS token mismatch on Azure DPS with Azure IoT Edge
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How can I set the MQTT keepalive in the Azure IoTHub C SDK?
- AzureWebJobsStorage Managed Identity not working
- Resource move is not supported for resource types 'microsoft.visualstudio/account'
- Invalid configuration value detected for fs.azure.account.key with com.crealytics:spark-excel
- Access Sharepoint Online Files from .NET Worker Service via Microsoft Graph/OAuth - Unauthorized or Access Denied error (401)
- terraform azure application gateway recreated when add new rule
- Can't add libraries to function_app.py in azure Function
- Azure AI Translation - No document found in source with the given path and filters
- How to make Visible the Keys/Passwords in CosmosDB connection string - Azure
- Unable to execute Terraform after converting Service Connection to Workload Identity
- Unable to access Databricks account console being Azure Global Administrator
- What is a difference between elastic computing and serverless computing?
- How do I fix SerializationNotSupportedParentType and ThrowNotSupportedException_ConstructorContainsNullParameterNames exception in System.Text.Json?
- Update VCore by database in power shell
- While scanning a simple key, could not find expected ':'. Syntax error in azure-pipeline.yaml
- I'm not able to call the Azure document intelligence api using the latest api version "2024-02-29-preview"
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- How can I Get Started Using Certificates to Authenticate my APIs Using Azure Key Vault?
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How to set up a site-to-site connection between Azure VNet and an on-premises network with a single IP address for traffic selectors?
- Summarization of docx or pdf document
- Unable to use Azure Developer CLI (azd) in vsCode even after extensions installed
- How to configure backend application on Container Apps
- WebJob is stopping due to website shutting down