Getting "Forbidden" error while creating a meet in Teams with Microsoft Graph

Question

I want to create a meeting with API. I created an Application in Azure Portal with this permission:

OnlineMeetings.ReadWrite

Next, I followed the OAuth flow and obtained an access token(I removed part of access to the token and copy here):

{
  "aud": "00000003-0000-0000-c000-000000000000",
  "iss": "https://sts.windows.net/bbf86088-73dc-4587-89d3-33e6f9a1484f/",
  "name": "Meet master account",
  "oid": "90ac29be-2d4f-4e9b-a13c-b5abf8534cef",
  "platf": "5",
  "puid": "10032002F2311268",
  "scp": "OnlineMeetings.ReadWrite User.Read profile openid email",
  "signin_state": [
    "kmsi"
  ],
  "sub": "KfOfRbaUEccxbfM5KfcWDjzX1gRtijFJ7Qgqw09oslU",
  "tenant_region_scope": "NA",
  "tid": "bbf86088-73dc-4587-89d3-33e6f9a1484f",
  "uti": "nQXEiowwn0SGCHPDY0IhAA",
  "ver": "1.0",
}

After that, I made a request like that:

POST https://graph.microsoft.com/v1.0/me/onlineMeetings
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

{
  "startDateTime":"2022-01-01T14:30:34.2444915-07:00",
  "endDateTime":"2022-01-01T15:00:34.2464912-07:00",
  "subject":"Test Meeting"
}

I got this response:

{
    "error": {
        "code": "Forbidden",
        "message": "An error has occurred.",
        "innerError": {
            "date": "2023-09-14T09:32:46",
            "request-id": "39c6117b-7f71-43d2-bc73-c21893c0d120",
            "client-request-id": "39c6117b-7f71-43d2-bc73-c21893c0d120"
        }
    }
}

I am not sure why this error occurred.

Answer 1

The error usually occurs if you are trying to create online meeting with guest user or user from tenant with no Microsoft Teams license in it.

I created one new tenant and registered one Azure AD application by granting API permissions as below:

Now, I generated access token using authorization code flow via Postman like this:

POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token

grant_type:authorization_code
client_id: <appID>
client_secret: <secret>
scope: OnlineMeetings.ReadWrite
code:code
redirect_uri:https://jwt.ms

Response:

To check scp and upn claims, I decoded the above access token in jwt.ms website as below:

When I used this token to create online meeting, I too got same error as tenant has no valid license:

POST https://graph.microsoft.com/v1.0/me/onlineMeetings
Authorization: Bearer <token>
Content-Type: application/json

{
  "startDateTime":"2022-01-01T14:30:34.2444915-07:00",
  "endDateTime":"2022-01-01T15:00:34.2464912-07:00",
  "subject":"Test Meeting"
}

Response:

To resolve the error, make sure to have at least one Office 365 license in your tenant that includes Microsoft Teams in it.

When I tried the same with tenant having proper license, online meeting created successfully with below response:

POST https://graph.microsoft.com/v1.0/me/onlineMeetings
Authorization: Bearer <token>
Content-Type: application/json

{
  "startDateTime":"2022-01-01T14:30:34.2444915-07:00",
  "endDateTime":"2022-01-01T15:00:34.2464912-07:00",
  "subject":"Test Meeting"
}

Response: