Using RSC To Access Chat Messages with Microsoft Graph
I am building a Teams chat-bot that looks at the history of messages in the current chat/channel whilst in conversation with the user.
My bot has been granted all the RSC (Resource-Specific Content) Permissions it needs (see image below)
Here is the relevant parts of the manifest:
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.11/MicrosoftTeams.schema.json",
"version": "1.0.0",
"manifestVersion": "1.11",
"id": "bd33f8b1-b593-433c-926e-44a27c1bd94a",
...
"permissions": [
"identity",
"messageTeamMembers"
],
...
"bots": [
{
"botId": "e6d93739-a8ab-412d-a4f6-b6f514a3451a",
"scopes": [
"team",
"personal",
"groupchat"
],
"isNotificationOnly": false,
"supportsFiles": true
}
],
"validDomains": [],
"webApplicationInfo": {
"id": "e6d93739-a8ab-412d-a4f6-b6f514a3451a",
"resource": "https://RscBasedStoreApp",
"applicationPermissions": [
"TeamSettings.Read.Group",
"ChannelMessage.Read.Group",
"TeamSettings.Edit.Group",
"ChannelSettings.ReadWrite.Group",
"Channel.Create.Group",
"Channel.Delete.Group",
"TeamsApp.Read.Group",
"TeamsTab.Read.Group",
"TeamsTab.Create.Group",
"TeamsTab.ReadWrite.Group",
"TeamsTab.Delete.Group",
"Member.Read.Group",
"Owner.Read.Group",
"ChatSettings.Read.Chat",
"ChatSettings.ReadWrite.Chat",
"ChatMessage.Read.Chat",
"ChatMember.Read.Chat",
"Chat.Manage.Chat",
"TeamsTab.Read.Chat",
"TeamsTab.Create.Chat",
"TeamsTab.Delete.Chat",
"TeamsTab.ReadWrite.Chat",
"TeamsAppInstallation.Read.Chat",
"OnlineMeeting.ReadBasic.Chat",
"Calls.AccessMedia.Chat",
"Calls.JoinGroupCalls.Chat",
"TeamsActivity.Send.Chat"
]
}
}
Note: the bot has permission to read messages in chats and channels. Specifically, my problem affects chats and not channels (which I can get messages from fine).
In order to do this, I get a JWT token for the bot account, accessing the Graph API like so:
GraphServiceClient<?> gsc = GraphServiceClient.builder()
.authenticationProvider(u -> mac.getToken())
.buildClient();
Next, I am using the Graph API to pull back these messages. For messages in channels I can do:
gsc.teams("some group id")
.channels("team id")
.messages()
.buildRequest(Collections.emptyList()).get()));
This works fine.
For chats, I am doing something like:
gsc.chats("29:13qY8hmfkJinH9-v7rYKjCNFHYFJXKbjqR-NyzyKzL694npelHJoq5HrVtqJLRYo79OYeHGQq-bhtJM5N-yKXyQ")
.messages()
.buildRequest().get()));
However, this time I get an error from the Graph API:
[Some information was truncated for brevity, enable debug logging for more details] com.microsoft.graph.http.GraphServiceException: Error code: Forbidden Error message: Invoked API requires Protected API access in application-only context when not using Resource Specific Consent. Visit https://learn.microsoft.com/en-us/graph/teams-protected-apis for more details.
GET https://graph.microsoft.com/v1.0/chats/29:13qY8hmfkJinH9-v7rYKjCNFHYFJXKbjqR-NyzyKzL694npelHJoq5HrVtqJLRYo79OYeHGQq-bhtJM5N-yKXyQ/messages SdkVersion : graph-java/v5.6.0
I am at a loss to explain why querying channels works fine but querying chats fails.
Any help gratefully appreciated!
This is a protected API and in order to use it you will first need to make a formal request to Microsoft Graph, asking for permissions to use the API without any user interaction
Here is the list of protected APIs. You need to fill this form to get the required permissions.
To request access to these protected APIs, complete the following request form. We review access requests every Wednesday and deploy approvals every Friday, except during major holiday weeks in the U.S. Submissions during those weeks will be processed the following non-holiday week.
The other option would be to use delegated flow.
- Microsoft Identity Web: Change Redirect Uri
- Azure graph api to search groups whose displayName contains a specific term
- I am getting an error that OAuth2 Code has already been redeemed
- How can I add email recipients to a Graph API request programmatically?
- Access OneDrive Directories and files using MSGraph API with client Authentication
- Why is my Azure AD token request returning HTTP 400 consent error for API permissions that have been granted?
- Upload a file using msgraph Python SDK
- How can I use msgraph Python SDK to properly list or get files from OneDrive?
- AADSTS65001: The user or administrator has not consented to use the application with ID <app-id>
- Get-MgUserCalendar fails with "The specified object was not found in the store." for my own calendar
- How to get all the files in OneDrive account using the graph SDK?
- Microsoft Graph API fails to update user birthday and hireDate in GCC high environment
- Is there an easy way to display the profile image from graph api in a react application
- Trying to Authenticate with SharePoint and get list of files via API using access token
- Find or expand Sharepoint Page titleArea image - Microsoft Graph API
- Adding members to MS Entra Group via MS Graph API fails via Python Azure Function App
- Is it possible to bulk replace strings in an Excel file via API?
- Graph API IAuthenticationProvider removed
- AADSTS70000 Error When Requesting for Access Token
- Returning employeeId of a user through MS Graph API
- Secrets and Certificate Expiry with Graph Powershell
- How to set a Term into the TaxKeyword field of a file with Microsoft Graph
- Microsoft Graph API, Add SharePoint List Item suddenly throws exception for null strings
- How to create a working GraphServiceClient and query Graph for group names
- When i add the "ItemSend" Event handler in my add-ins manifest.xml thrown error while installing the add-ins
- How to call graphClient.Groups[groupId].GetAsync()?
- Get all email message using Microsoft Graph API in c#
- Microsoft graph batch calls for OneNote page renames fails with message "Invalid JSON body for request id"
- How can I "Get Microsoft Teams Users" Using of Microsoft Graph API
- Get a list of customer tenants without Partner Center API access