I've been trying to send a chat message to an individual user in application mode, I mean, without each user being required to authenticate and grant access to the application. The idea is to make it transparent to them.
So I send this request to get an access token:
POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
grant_type=client_credentials,
client_id={app id registered in azure portal},
client_secret={registered app key},
scope=https://graph.microsoft.com/.default
Sending this request, I got the token.
Using this token, I try to send a message to the user using this request:
POST https://graph.microsoft.com/beta/chats/{chat-id}/messages
With this payload in JSON:
{
  "body": {
    "content": "Hello World"
  }
}
The problem is that I got this error message:
{
  "error": {
    "code": "Unauthorized",
    "message": "Message POST is allowed in application-only context only for import purposes. Refer to https://docs.microsoft.com/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams for more details.",
    "innerError": {
      "date": "2023-05-18T17:49:24",
      "request-id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "client-request-id": "xxxxxxxxxxxxxxxxxxxxxxxx"
    }
  }
}
An interesting point is that I can create a Chat, using the same logic explained. I send this request with the token that I got:
https://graph.microsoft.com/v1.0/chats
Payload in JSON:
{
  "chatType": "oneOnOne",
  "members": [
    {
      "@odata.type": "#microsoft.graph.aadUserConversationMember",
      "roles": ["owner"],
      "user@odata.bind": "https://graph.microsoft.com/beta/users('user1')"
    },
    {
      "@odata.type": "#microsoft.graph.aadUserConversationMember",
      "roles": ["owner"],
      "user@odata.bind": "https://graph.microsoft.com/beta/users('user2')"
    }
  ]
}
To create Chat it works fine, but to send a message, I got an error.
I have all application permissions.
According to this MS Documentation, sending a chat message using Application permissions is not supported. As the client credentials flow works only with Application permissions, it's not possible to send a chat message using that flow.
But for creating a chat via the Microsoft Graph API, Application permissions are supported. Check this MS Document.
I registered one Azure AD application and granted API permissions as below:
Now, I generated access token using client credentials flow via Postman like below:
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:client_credentials
client_id: <appID>
client_secret:<secret>
scope: https://graph.microsoft.com/.default
When I used above token to create chat with this query, I got response successfully like below:
POST https://graph.microsoft.com/v1.0/chats
Content-Type: application/json
{
  "chatType": "oneOnOne",
  "members": [
    {
      "@odata.type": "#microsoft.graph.aadUserConversationMember",
      "roles": ["owner"],
      "user@odata.bind": "https://graph.microsoft.com/beta/users('user1')"
    },
    {
      "@odata.type": "#microsoft.graph.aadUserConversationMember",
      "roles": ["owner"],
      "user@odata.bind": "https://graph.microsoft.com/beta/users('user2')"
    }
  ]
}
But I got the same error when I tried to send a message in this chat using the same token, like this:
POST https://graph.microsoft.com/beta/chats/{chat-id}/messages
{
  "body": {
    "content": "Hello World"
  }
}
To resolve the error, you need to grant Delegated permissions to the application and generate an access token using Delegated flows like the authorization code flow or the username password flow, etc.
I added ChatMessage.Send Delegated permission in my application like below:
In my case, I generated access token with username password flow where user interaction is not required like below:
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:password
client_id: <appID>
client_secret:<secret>
scope: https://graph.microsoft.com/.default
username: username@xxxxxxxx.onmicrosoft.com
password: xxxxxxxxxx
When I used this token in below query to send message in chat, I got response successfully like below:
POST https://graph.microsoft.com/beta/chats/{chat-id}/messages
{
  "body": {
    "content": "Hello World"
  }
}
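A quick way to see which kind of token a flow returned, as an added example that is not part of the original answer: Microsoft identity platform access tokens list delegated permissions in the `scp` claim and application permissions in the `roles` claim. The helper names and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, so this is for diagnosis only.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.

    Diagnostic use only: never make an authorization decision on this.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    return json.loads(b64url_decode(parts[1]))


def can_send_chat_message(jwt: str) -> tuple[bool, str]:
    """Classify a Graph token and say whether POST /chats/{id}/messages can work."""
    claims = token_claims(jwt)
    scopes = claims.get("scp", "").split()   # delegated permissions, space-separated
    roles = claims.get("roles", [])          # application permissions, a list
    if scopes:
        if "ChatMessage.Send" in scopes:
            return True, "delegated token with ChatMessage.Send"
        return False, "delegated token, but ChatMessage.Send not in scp"
    if roles:
        return False, "app-only token (roles, no scp): message POST is import-only"
    return False, "token carries neither scp nor roles"


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples (not real tokens): claim shapes of the two flows.
APP_ONLY = make_sample({"aud": "https://graph.microsoft.com", "roles": ["Chat.Create"]})
DELEGATED = make_sample({"aud": "https://graph.microsoft.com", "scp": "ChatMessage.Send User.Read"})

if __name__ == "__main__":
    for name, tok in (("client_credentials", APP_ONLY), ("password", DELEGATED)):
        print(name, can_send_chat_message(tok))
```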