Background:
Hi, I'm trying to use the MS Graph API with ROPC authentication (other auth methods were not working since I need a non-interactive login for delegated permissions) to facilitate sending channel messages back and forth from specific Teams channels and my chat application. This process is working on loading/sending messages but to get real-time updates it looks like I need to be able to subscribe to a resource (outgoing webhooks require mentions and this isn't what I want, though I can set it up and it works).
Issue:
To subscribe to a resource (ms teams channel) I'm using the code below:
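```javascript
const axios = require('axios')
const moment = require('moment')

// Wrapped in an async function so that `await` is valid.
async function createSubscription() {
  const token = VALID_TOKEN_HERE // from ROPC auth flow
  const url = `https://graph.microsoft.com/beta/subscriptions`
  const subscription = {
    changeType: 'created,updated',
    notificationUrl: `${MY_ENDPOINT}/api/teams/events`,
    resource: `teams/${MY_TENANT_ID}/channels/${MY_CHANNEL_ID}/messages`,
    // The moment object is serialized to an ISO 8601 string in the JSON body
    expirationDateTime: moment().add(1, 'hours'),
    includeResourceData: false,
  }
  const config = {
    headers: {
      Authorization: `Bearer ${token}`
    }
  }
  const response = await axios.post(url, subscription, config).catch(e => console.log(e))
  return response
}
```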
My notificationUrl is set up like below.
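```javascript
router.post('/teams/events', async (req, res) => {
  // Graph validates a new subscription by POSTing here with ?validationToken=...
  // and expects the token echoed back as text/plain with a 200.
  if (req.query.validationToken) {
    res.set('Content-Type', 'text/plain');
    return res.status(200).send(req.query.validationToken);
  }
  // code that does things with notification below
})
```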
Error:
However, the original request to create a subscription fails and I get the following:
'Operation: Create;Exception: [Status Code: Forbidden;Reason: Caller does not have access to '/teams('TEAM_ID_HERE')/channels('CHANNEL_ID_HERE')/messages' resource]'
Other info: It is a standard (not private) channel with my user as a member
I'm requesting these permissions when getting my auth token 'ChannelMessage.Read.All Group.ReadWrite.All Directory.ReadWrite.All ChannelMessage.Send user.read openid profile offline_access'
My API permissions look like this
What am I missing to be able to create a subscription?
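
The endpoint in the question answers the validation handshake, and the notification-handling part is not shown. As an added example (not part of the original post), here is one way to structure that part so that only notifications carrying the subscription's secret are processed. It assumes the subscription is created with Graph's `clientState` property set to a secret value; `handleGraphWebhook`, `sameSecret` and all sample values are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Compare secrets via fixed-length digests so timingSafeEqual never throws
// on a length mismatch and comparison time does not depend on the content.
function sameSecret(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const digest = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// Framework-neutral core of the webhook: takes the parsed query and JSON body,
// returns what to send back plus the notifications that are safe to process.
function handleGraphWebhook(query, body, expectedClientState) {
  // Subscription handshake: echo the token back as text/plain with 200.
  if (query && typeof query.validationToken === 'string') {
    return { status: 200, contentType: 'text/plain', body: query.validationToken, accepted: [] };
  }
  // Change notifications arrive as { value: [ ... ] }.
  if (!body || !Array.isArray(body.value)) {
    return { status: 400, contentType: 'text/plain', body: 'malformed', accepted: [] };
  }
  // Keep only items whose clientState matches the secret set on the subscription.
  const accepted = body.value.filter((n) => n && sameSecret(n.clientState, expectedClientState));
  // Acknowledge with 202 either way so status codes cannot be used to probe
  // for the secret; unverified items are simply dropped.
  return { status: 202, contentType: 'text/plain', body: '', accepted };
}

// Constructed sample data (not real identifiers or secrets).
const EXPECTED_CLIENT_STATE = 'constructed-secret-value';
const sampleBody = {
  value: [
    { subscriptionId: 'sub-1', changeType: 'created', clientState: 'constructed-secret-value',
      resource: "teams('TEAM_ID')/channels('CHANNEL_ID')/messages('1')" },
    { subscriptionId: 'sub-1', changeType: 'created', clientState: 'guess',
      resource: "teams('TEAM_ID')/channels('CHANNEL_ID')/messages('2')" },
    { subscriptionId: 'sub-1', changeType: 'updated' }, // clientState missing
  ],
};

const result = handleGraphWebhook({}, sampleBody, EXPECTED_CLIENT_STATE);
console.log(result.status, result.accepted.map((n) => n.resource));
```

In an Express route this would be called as `handleGraphWebhook(req.query, req.body, secret)`, with the returned status, content type and body written to `res`.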