
Microsoft Graph API - Is it possible to send a chat message using the client credentials flow?


I've been trying to send a chat message to an individual user in application mode, I mean, without each user being required to authenticate and grant access to the application. The idea is to make it transparent to them.

So I send this request to get access token:

POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
grant_type=client_credentials,
client_id={app id registered in azure portal},
client_secret={registered app key},
scope=https://graph.microsoft.com/.default

Sending this request, I got the token.

Using this token, I try to send a message to the user using this request:

POST https://graph.microsoft.com/beta/chats/{chat-id}/messages

With this payload in JSON:

{
  "body": {
    "content": "Hello World"
  }
}

The problem is that I got this error message:

{
    "error": {
        "code": "Unauthorized",
        "message": "Message POST is allowed in application-only context only for import purposes. Refer to https://docs.microsoft.com/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams for more details.",
        "innerError": {
            "date": "2023-05-18T17:49:24",
            "request-id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "client-request-id": "xxxxxxxxxxxxxxxxxxxxxxxx"
        }
    }
}

An interesting point is that I can create a Chat, using the same logic explained. I send this request with the token that I got:

https://graph.microsoft.com/v1.0/chats

Payload in JSON:

{
  "chatType": "oneOnOne",
  "members": [
    {
      "@odata.type": "#microsoft.graph.aadUserConversationMember",
      "roles": ["owner"],
      "user@odata.bind": "https://graph.microsoft.com/beta/users('user1')"
    },
    {
      "@odata.type": "#microsoft.graph.aadUserConversationMember",
      "roles": ["owner"],
      "user@odata.bind": "https://graph.microsoft.com/beta/users('user2')"
    }
  ]
}

Creating the chat works fine, but when I send a message, I get an error.

I have all application permissions.


Solution

  • According to this MS Documentation, sending a chat message using Application permissions is not supported. As the client credentials flow works only with Application permissions, it's not possible to send a chat message using that flow.

    But for creating chat via Microsoft Graph API, Application permissions are supported. Check this MS Document.

    I registered one Azure AD application and granted API permissions as below:


    Now, I generated an access token using the client credentials flow via Postman like below:

    POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
    
    grant_type:client_credentials
    client_id: <appID>
    client_secret:<secret>
    scope: https://graph.microsoft.com/.default
    


    When I used the above token to create a chat with this query, I got a successful response like below:

    POST https://graph.microsoft.com/v1.0/chats
    Content-Type: application/json
    
    {
      "chatType": "oneOnOne",
      "members": [
        {
          "@odata.type": "#microsoft.graph.aadUserConversationMember",
          "roles": ["owner"],
          "user@odata.bind": "https://graph.microsoft.com/beta/users('user1')"
        },
        {
          "@odata.type": "#microsoft.graph.aadUserConversationMember",
          "roles": ["owner"],
          "user@odata.bind": "https://graph.microsoft.com/beta/users('user2')"
        }
      ]
    }
    


    But I got the same error when I tried to send a message in this chat using the same token like this:

    POST https://graph.microsoft.com/beta/chats/{chat-id}/messages
    {
      "body": {
        "content": "Hello World"
      }
    }
    


    To resolve the error, you need to grant Delegated permissions to the application and generate an access token using a Delegated flow such as the authorization code flow or the username password flow.

    I added the ChatMessage.Send Delegated permission to my application like below:


    In my case, I generated the access token with the username password flow, where user interaction is not required, like below:

    POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
    
    grant_type:password
    client_id: <appID>
    client_secret:<secret>
    scope: https://graph.microsoft.com/.default
    username: [email protected]
    password: xxxxxxxxxx
    


    When I used this token in the query below to send a message in the chat, I got a successful response:

    POST https://graph.microsoft.com/beta/chats/{chat-id}/messages
    {
      "body": {
        "content": "Hello World"
      }
    }
    

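Added example (not part of the original question or answer): a debugging check that decodes an access token's claims and reports whether it is app-only (`roles` claim) or delegated (`scp` claim), which is the distinction behind the error above. The sample tokens are constructed and unsigned, the function names are hypothetical, and only the `ChatMessage.Send` scope named in the answer is checked.

```python
import base64
import json

SEND_SCOPES = {"ChatMessage.Send"}  # delegated scope named in the answer above

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build an unsigned, CONSTRUCTED JWT-shaped string for this demo only."""
    return f"{_b64url({'alg': 'none', 'typ': 'JWT'})}.{_b64url(claims)}."

def decode_claims(token):
    """Decode the payload WITHOUT signature verification (debugging aid only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_context(claims):
    """Delegated tokens carry 'scp'; app-only tokens carry 'roles'."""
    if claims.get("scp"):
        return "delegated"
    if claims.get("roles"):
        return "application"
    return "unknown"

def can_send_chat_message(token):
    """Return (ok, reason) for POST /chats/{chat-id}/messages."""
    claims = decode_claims(token)
    context = token_context(claims)
    if context == "application":
        return False, "app-only token: message POST is import-only"
    if context == "delegated":
        if SEND_SCOPES & set(claims["scp"].split()):
            return True, "delegated token with a send scope"
        return False, "delegated token lacks ChatMessage.Send"
    return False, "token has neither scp nor roles"

# Constructed sample claims; real tokens come from the /token endpoint.
AUD = "https://graph.microsoft.com"
APP_ONLY_TOKEN = make_sample_token({"aud": AUD, "roles": ["Chat.Create"]})
DELEGATED_TOKEN = make_sample_token({"aud": AUD, "scp": "ChatMessage.Send User.Read"})
READ_ONLY_TOKEN = make_sample_token({"aud": AUD, "scp": "User.Read"})

if __name__ == "__main__":
    for name, tok in [("app-only", APP_ONLY_TOKEN), ("delegated", DELEGATED_TOKEN)]:
        print(name, can_send_chat_message(tok))
```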