Microsoft App Registration - how to create meetings using OnlineMeetings.ReadWrite.All within an application context and not a user context?
I currently have an app registration in Azure portal. This app has a client secret set up on it and a number of API Permissions as well. These are permissions for the Microsoft Graph and are delegated as well. This is how it looks like,
Now I have also set up an App role for meetings as well, which looks like this,
With this context in mind, you can see I have added an application permission from the "My APIs" section, which points to my app registration and the permission for "OnlineMeetings.ReadWrite.All". My objective is to obtain an access token in order for my client app to create a meeting whilst running the following POST,
POST /users/{userId}/onlineMeetings/createOrGet
My question is to try and gain and understanding of what the authorization scope should be and the grant type as well when trying to obtain an access token. I have tried setting the authorization scope to be "offline_access https://graph.microsoft.com/.default" and the grant type to be "client_credentials" but to no avail. I want my client app to be able to create a meeting on behalf of any user from my tenant without the need for user consent or any application access policies being needed to be set up in Powershell. Is this possible to do?
Instead of setting up new App role, you need to add existing Microsoft Graph permission named OnlineMeetings.ReadWrite.All of Application type and grant consent to it.
I registered one Azure AD application and granted API permission as below:
Note that, you need to create application access policy and grant it access to
Globalto authorize the app configured in the policy to create online meetings on behalf of any user.
I used below PowerShell commands to install MicrosoftTeams module and create application access policy:
Install-Module -Name MicrosoftTeams -Force -AllowClobber
Import-Module MicrosoftTeams
Connect-MicrosoftTeams
New-CsApplicationAccessPolicy -Identity Sri-Test-policy -AppIds "xxxxxxxxxx" -Description "Allow access to Teams App"
Grant-CsApplicationAccessPolicy -PolicyName Sri-Test-policy -Global
Response:
Now, I generated access token using client credentials flow via Postman with below parameters:
POST https://login.microsoftonline.com/tenantID/oauth2/v2.0/token
grant_type:client_credentials
client_id: appID
client_secret: secret
scope: https://graph.microsoft.com/.default
Response:
When I used this token to make below POST request, online meeting created successfully like this:
POST https://graph.microsoft.com/v1.0/users/{userId}/onlineMeetings/createOrGet
Content-Type: application/json
{
"startDateTime":"2023-07-29T14:30:34.2444915-07:00",
"endDateTime":"2023-07-29T15:00:34.2464912-07:00",
"subject":"Sri Demo Online Meeting",
"externalId": "xxxxxxxxxx",
"participants": {
"attendees": [
{
"identity": {
"user": {
"id": "xxxxxxxxxxxxx"
}
},
"upn": "[email protected]"
}
]
}
}
Response:
Reference: onlineMeeting: createOrGet - Microsoft Graph v1.0 | Microsoft
- Microsoft Graph: How to filter users by domain name
- Blazor app hangs after request MS Graph Me.GetAsync()
- Graph API: Either scp or roles claim need to be present in the token
- How do I authorize a Python script to upload to SharePoint Online?
- Cannot fetch the customSecurityAttributes data from Entra ID user Profile using Microsoft Graph API in Dotnet Webapi
- How can I change default tenant in Microsoft Graph Explorer
- PnP Framework assign Permission to the SharePoint Using PowerCell
- How to access a group calendar using Microsoft Graph Api?
- getting color off calendar in microsoft graph api in calendarview
- Adding Students with the API and Class Notebook
- How to find the delay when I reset a password using Microsoft's Graph API?
- GraphServiceClient filter issue
- Verify Microsoft Access token on my ASP.NET Core Web API
- Microsoft Graph: List all users and their groups in one request
- How to handle scalability when sending DM with BotFramework
- How can I add email recipients to a Graph API request programmatically?
- Microsoft Identity Web: Change Redirect Uri
- Azure graph api to search groups whose displayName contains a specific term
- I am getting an error that OAuth2 Code has already been redeemed
- AADSTS700016: Application with identifier 'XXX' was not found in the directory 'directory_name'
- Access OneDrive Directories and files using MSGraph API with client Authentication
- Why is my Azure AD token request returning HTTP 400 consent error for API permissions that have been granted?
- Upload a file using msgraph Python SDK
- How can I use msgraph Python SDK to properly list or get files from OneDrive?
- AADSTS65001: The user or administrator has not consented to use the application with ID <app-id>
- Get-MgUserCalendar fails with "The specified object was not found in the store." for my own calendar
- How to get all the files in OneDrive account using the graph SDK?
- Microsoft Graph API fails to update user birthday and hireDate in GCC high environment
- Looking for a Microsoft Graph API that can update device ownership of a deivce
- Is there an easy way to display the profile image from graph api in a react application