I would like to create a webservice capable of automatically sending messages in Microsoft Teams. I tried authenticating as an application, but currently Microsoft does not support granting application permissions to send messages in Teams, so the only choice here is to authenticate using a service account with real credentials (Unless there is another way?). This method only specifies using user interaction to log in as a user.
I would like to use a service account teamchatbot#domain.com to authenticate with Microsoft Graph in order to send messages on Microsoft Teams. (similar to this but since I'm not accessing a resource it is a little different.) Is there a way I can silently obtain an access token on behalf of the service account in order to send messages?
It seems that you have a misunderstanding.
Your scene is actually the same as this post.
You should use Resource Owner Password Credentials to call Microsoft Graph API to send messages.
Based on permissions, you need the Group.ReadWrite.All delegated permission. So you need to add this permission into your Azure AD app firstly.
Don't forget to click on "Grant admin consent for {your tenant}" after you add this permission.
Then you can get an access token like this:
You can see that https://graph.microsoft.com/Group.ReadWrite.All has been included in the response.
Now you could use this access token to call POST /teams/{id}/channels/{id}/messages.
There are a few other ways I can think of.
1) One is that you can create a Bot using the Microsoft Bot Framework, and once that bot is installed to the particular team, it can send "pro-active" messages (i.e. not a message in response to a user's message, but rather whenever you need).
Essentially, when you bot is added to the team, you get access to a specific event in your bot (OnMembersAdded for a general bot, and there's now a new event just for Teams). See more on this in my answer on Detect bot application open event. In this event, you get the information you need for later, which you can store in a database or wherever, and then create the message as if it's your bot posting to the channel. You can see more on that at Programmatically sending a message to a bot in Microsoft Teams.
This option above is a lot of work, but useful if there's other functionality you want from a bot (e.g. the ability to receive messages from the users)
2) Another, and even more simple way, is to create an incoming webhook directly to the channel. Here's a post on doing this using PowerShell, so you can do that for simple testing and extrapolate from there for Node.
Of course, things like Flow (Power Automate) are an option too, but you're already writing code so one of the above is probably easier.
Hope that helps
Related
I'm building a Node only application that reads logs in the background and based on an event being read will send a message to a Teams channel directly.
I've been having quite a few issues getting a Graph API access token valid through Username and password.
I have been able to get a Graph API access token with client secret and tenant id which represents access
"without a user". Now that does not allow me to post a message in a channel as I would need to have access "on behalf of a user".
API => https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages .
Would there be another way of achieving this? Webhook/Connectors?
Thank you!
There's a few different ways you can post to a teams channel, you can set up like you said an http webhook, where you could call it to post into a channel https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/connectors-using
You can use power automate (flow) or logic apps to post messages as the flowbot, or you can write a bot/ use the bot framework to register a bot that can post to teams, called proactive messaging: https://learn.microsoft.com/en-us/microsoftteams/platform/resources/bot-v3/bot-conversations/bots-conv-proactive
As for trying to use graph with application permissions, that's not possible, at least for the moment.
Is there any way to send activities that are happening in external application to ms teams activity feed through any api.Now I have designed a blog where other users can like comment and follow my post in the blog.So I want to get all the activities that are happening in my blog to ms teams.
The Microsoft Graph REST API uses a webhook mechanism to deliver change notifications to clients. A client is a web service that configures its own URL to receive notifications. Client apps use notifications to update their state upon changes.
subscription operations require read permission to the resource. For example, to get notifications for messages, your app needs the Mail.Read permission.
Please look at change notification API
I want to be able to use the graph API to get a list of channels & teams, then have the app send an update to the appropriate channel without the user having to interact with MS Teams. Looking around I see a lot of posts saying this isn't possible yet, but Monday.com and Smartsheet seem to be doing this. Monday.com even specifies its using the beta api and neither are using connectors.
I attempted to do use the api POST /teams/{id}/channels/{id}/messages after authenticating via the way shown in this documentation
First Call for adminconsent
https://login.microsoftonline.com/organizations/v2.0/adminconsent?&client_id={botID}&response_type=code&redirect_uri=https://myoauthCallback&scope=offline_access User.ReadWrite.All Group.ReadWrite.All
After that returns I do an immediate call to get an access token, the above call doesn't seem to return anything I need to put into this request.
POST => /organizations/oauth2/v2.0/token
body = client_id={botId}&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret={secret}&grant_type=client_credentials
I set the permissions in https://portal.azure.com/#blade/ for the bot to have the same scope as the first request above. Here it doesn't like the scope passed in the same way so I set it to default
I then take the access_token that is returned and attempt the call to POST a message to the channel.
URL: /teams/{TEAM_ID}/channels/{CHANNEL_ID}/messages
body: {
subject: 'test subj',
body: { contentType: 'text', content: 'Test message from app' },
}
This results in an error
statusCode: 401, code: 'UnknownError', message: ''
So how do I get the same functionality of these other apps so I can send a message directly to teams without setting up a connector?
Turns out it was a Office 365 Connector vs the regular "connector" that requires configuration within teams.
https://www.youtube.com/watch?v=EqodWkS5PYM
Edit: Disregard, even with office 365 connectors it requires the user to still interact with MS Teams in some way.
Another Edit: Turns out it is using Proactive Messaging https://learn.microsoft.com/en-us/microsoftteams/platform/resources/bot-v3/bot-conversations/bots-conv-proactive#net-example-from-this-sample
Although technically you cannot actually send a message to the app without a user interacting with the bot first, the installation of the app does trigger a conversationUpdate to which you can reply. So In the end, I can install the Teams app, and send a bot notification all within my web app, without the user having to actually touch Microsoft Teams.
If you look at the "auth" page you linked to, it's talking about creating Application permissions. However, see the "create chatMessage in a channel" graph documentation and under "permissions" near the top it shows that it supports "Delegated" permissions only, so you can't use that particular endpoint with Application permissions unfortunately.
Connectors (Webhooks) will be able to do what you need, but you say you want to avoid that - perhaps you can explain why it's not ideal? I'm not aware of how to create a webhook programmatically, I'm afraid.
in Microsoft Teams we have a Team called "BD" and this team has a channel named "Global".
Now I have a ReactJS app with a NodeJS backend and I would like to
display all the messages that are written in the Global Channel of the Team "BD"
I only need to show which messages are written in the channel (so readonly would be sufficient).
What is the easiest way to achieve this ? Even an iFrame would be ok, if somehow possible.
Please take a look at List channel messages Graph API. First try these APIs in Graph Explorer.
To implement this in a code, you need to follow either Get access on behalf of a user or Get access without a user
Before calling this API with application permissions (access without a user), you must request access. For details, see Protected APIs in Microsoft Teams.
I am trying to implement a Bot which can get all the Direct Message Channels, all the workspace Users and send Direct Messages to them.
If I work with my development workspace everything works as expected but when I try with my company workspace, my Bot is only capable to retrieve the Direct Message Channel it is belonging to.
Any idea on how to fix by production Bot.
You can't. Due to the security architecture of Slack one can only see the messages of channels he is part of. Its the same even for the "super admin" of a Slack team (the primary owner). Bots and apps inherit that right from the user who installed it (= authed the access token).
The reason it works on your development Slack, is that your user has probably created all private channels on Slack, and/or is the same that authed the access token your app uses.
Thanks to Slack support I got my answer:
The OAuth Token issued is specific to the user who has installed your app and represents the permission(s) to perform actions on behalf of the user. More detailed information here - https://api.slack.com/docs/oauth.
The token can only perform the same actions as the user who installed the app i.e If the user can’t view or post in the channel, they can’t grant permission to something they do not have.