Need help in understanding delegated permissions for a teams meeting transcriptions bot

Sai K 0 Reputation points
2024-10-04T06:13:14.4133333+00:00

Hi everyone,

I am building a custom Teams app, which is basically a meeting bot that retrieves the transcripts of the meeting when the meeting ends. I followed this Microsoft sample: https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/meetings-transcription/nodejs

There are some permissions (OnlineMeetingTranscript.Read.All) needed to use the users/{user_id}/onlinemeetings/{meeting_id}/transcripts API. These permissions can be delegated level or application level as per the documentation: https://learn.microsoft.com/en-us/graph/api/onlinemeeting-list-transcripts?view=graph-rest-beta&tabs... The API works fine with application-level permissions. But when I try to make it delegated, I use the me/onlinemeetings/{meeting_id}/transcripts API. The API returns a 400 Bad Request error:

{
    "error": {
        "code": "BadRequest",
        "message": "/me request is only valid with delegated authentication flow.",
        "innerError": {
            "date": "",
            "request-id": "",
            "client-request-id": ""
        }
    }
}

I wanted to understand if a delegated level of permission for my use case (meeting transcription bot) is feasible or not.  Is it a hard requirement that the permission level should be application level for the meeting transcription bot? If yes, why?


1 answer

  1. Sayali-MSFT 2,736 Reputation points Microsoft Vendor
    2024-10-04T11:15:52.1866667+00:00

    It seems that using delegated permissions for your meeting transcription bot might not be feasible for your specific use case.

    Delegated Permissions: These are permissions that an app uses on behalf of a signed-in user. They require a user to be present and logged in to access certain resources. This is why your attempt to use the /me/onlinemeetings/{meeting_id}/transcripts endpoint results in a 400 Bad Request error when you’re not authenticated as a user or when the required authentication flow isn’t being utilized.

    Application Permissions: These permissions are granted to the application itself and do not require a signed-in user. They allow the app to access resources in the Microsoft Graph API on behalf of itself, rather than a user. This is why your application-level permissions work without issues.

    If your bot is meant to serve a wide range of users or meetings, using application permissions would be the recommended approach.
    Also, it appears that application-level permissions are a hard requirement for your meeting transcription bot due to the limitations and security considerations associated with delegated permissions.

    Reference Document:

    Overview of Delegated and Application Permissions: Microsoft Graph Permissions Reference

    Online Meeting Transcripts API: List Transcripts API Documentation

    Authentication and Authorization: Authentication and Authorization Basics
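
Added example, not part of the original thread or of the Microsoft sample: a Node.js diagnostic that tells which kind of Graph token the bot is holding (delegated tokens carry an `scp` claim, app-only tokens carry `roles`) and picks the transcripts path that matches it. The function names, the placeholder ids and the unsigned sample tokens are constructed for illustration.

```javascript
// Added example: diagnostic only. It decodes the token payload without
// verifying the signature, so never use it for an authorization decision.

// Decode the middle (payload) segment of a JWT access token.
function decodeClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected 3 segments');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Delegated tokens list permissions in `scp` (space-separated string);
// app-only (client credentials) tokens list them in `roles` (array).
function classifyGraphToken(token) {
  const claims = decodeClaims(token);
  if (typeof claims.scp === 'string' && claims.scp.trim() !== '') {
    return { kind: 'delegated', permissions: claims.scp.trim().split(/\s+/) };
  }
  if (Array.isArray(claims.roles) && claims.roles.length > 0) {
    return { kind: 'application', permissions: claims.roles };
  }
  return { kind: 'unknown', permissions: [] };
}

// Pick the transcripts path that matches the token. /me only resolves when
// a signed-in user is behind the token; app-only calls must name the user.
function transcriptsPath(token, meetingId, userId) {
  const { kind, permissions } = classifyGraphToken(token);
  if (!permissions.includes('OnlineMeetingTranscript.Read.All')) {
    throw new Error(`token (${kind}) lacks OnlineMeetingTranscript.Read.All`);
  }
  const m = encodeURIComponent(meetingId);
  if (kind === 'delegated') return `/me/onlineMeetings/${m}/transcripts`;
  if (!userId) throw new Error('app-only token: a user id is required, /me is invalid');
  return `/users/${encodeURIComponent(userId)}/onlineMeetings/${m}/transcripts`;
}

// Constructed, unsigned sample tokens (header.payload.signature placeholders).
function fakeToken(claims) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${b64({ alg: 'none' })}.${b64(claims)}.sig`;
}
const delegatedToken = fakeToken({ scp: 'User.Read OnlineMeetingTranscript.Read.All' });
const appOnlyToken = fakeToken({ roles: ['OnlineMeetingTranscript.Read.All'] });

console.log(transcriptsPath(delegatedToken, 'MEETING_ID'));
console.log(transcriptsPath(appOnlyToken, 'MEETING_ID', 'USER_ID'));
```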
