c#, azure-active-directory, microsoft-graph-api, microsoft-teams, microsoft-graph-teams

Cannot add guests to a team through Graph API


I am trying to add users to a team that I have created through the Graph API using application permissions, but I run into an issue.

I POST the following object to https://graph.microsoft.com/beta/teams/{teamid}/members:

{"roles":[],"@odata.type":"#microsoft.graph.aadUserConversationMember","user@odata.bind":"https://graph.microsoft.com/beta/users/60d7e7a4-b1f6-4a5a-a9a3-80480156cb31"}

which returns a 403 error code for guest users, regardless of whether they are pending acceptance or have accepted the invitation. I get the following object returned:

{ "error": { "code": "Forbidden", "message": "An unknown error has occurred.", "innerError": { "date": "2020-12-17T12:10:54", "request-id": "16b3d4d7-6295-4cbd-b1bb-3803678947a6", "client-request-id": "16b3d4d7-6295-4cbd-b1bb-3803678947a6" } } }

It would seem like I might be missing some sort of permission, but I currently have these permissions:

Group.ReadWrite.All - Application

OnlineMeetings.ReadWrite.All - Application

TeamMember.ReadWrite.All - Application

User.Invite.All - Application

User.Read.All - Application

I have no issue when adding a member of the organisation to the team, it works perfectly fine.

Does anyone have any idea what could be wrong?


Solution

  • The first thing you need to know is that you must be a global administrator or a team administrator and team owner to add guests to the team, so you must log in as a user with the role of administrator before you can add guest users.

    So you can't use the application permission to get the token, because it has no user login. You can use it to add member users, but it cannot be used to add guests. You need to add the TeamMember.ReadWrite.All delegated permission and grant admin consent, and then you need to use the auth code flow to obtain an access token.

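Added example, not part of the original question or answer: a diagnostic pre-flight check that tells an app-only token (permissions in the `roles` claim, no `scp`) apart from a delegated token carrying the TeamMember.ReadWrite.All scope named in the answer. The function names and sample tokens are constructed for illustration; the payload is decoded without signature verification, so use it for troubleshooting only, never for authorization decisions.

```python
import base64
import json

REQUIRED_SCOPE = "TeamMember.ReadWrite.All"  # delegated permission named in the answer


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(access_token: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(b64url_decode(parts[1]))


def preflight(access_token: str) -> str:
    """Classify a token before POSTing a guest to /teams/{teamid}/members."""
    claims = token_claims(access_token)
    scopes = claims.get("scp", "").split()  # delegated scopes, space separated
    if not scopes:
        # Client-credentials tokens list application permissions under
        # "roles" and have no signed-in user, hence no "scp" claim.
        return "app-only"
    if REQUIRED_SCOPE not in scopes:
        return "delegated-missing-scope"
    return "ok"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (assumption, not a real token)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    samples = {
        "client credentials": {"roles": ["TeamMember.ReadWrite.All"]},
        "auth code, wrong scope": {"scp": "User.Read"},
        "auth code, consented": {"scp": "User.Read TeamMember.ReadWrite.All"},
    }
    for label, claims in samples.items():
        print(f"{label}: {preflight(make_sample_token(claims))}")
```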