Forbidden Access to my own Teams Meeting

Question

Hi there,

I installed Teams addon to Google Calendar. Each time I schedule new Teams meeting there, I get a link like this:

https://www.google.com/url?q=https://teams.microsoft.com/l/meetup-join/19%253ameeting_ODFlYWRmMGMtNGQ5MC00NTFhLTllNWYtNmU3ZjY3ZjFmMmI2%2540thread.v2/0?context%3D%257b%2522Tid%2522%253a%2522ddf19c03-4218-44a7-b7a8-b8ab152bca3f%2522%252c%2522Oid%2522%253a%2522a48d8206-bf6d-4ea4-aa1f-040444934ce1%2522%257d&sa=D&source=calendar&ust=1718094855869399&usg=AOvVaw1sIQTbrKRswWjUaC0W6DkT

It simply redirect me to this one

https://teams.microsoft.com/l/meetup-join/19%3ameeting_ODFlYWRmMGMtNGQ5MC00NTFhLTllNWYtNmU3ZjY3ZjFmMmI2%40thread.v2/0?context=%7b%22Tid%22%3a%22ddf19c03-4218-44a7-b7a8-b8ab152bca3f%22%2c%22Oid%22%3a%22a48d8206-bf6d-4ea4-aa1f-040444934ce1%22%7d

However, if I try to get a meeting info via Ms Graph,

curl --location 'https://graph.microsoft.com/v1.0/me/onlineMeetings?%24filter=JoinWebUrl%20eq%20%27https%3A%2F%2Fteams.microsoft.com%2Fl%2Fmeetup-join%2F19%3ameeting_ODFlYWRmMGMtNGQ5MC00NTFhLTllNWYtNmU3ZjY3ZjFmMmI2%40thread.v2%2F0%3Fcontext%3D%7b%22Tid%22%3a%22ddf19c03-4218-44a7-b7a8-b8ab152bca3f%22%2c%22Oid%22%3a%22a48d8206-bf6d-4ea4-aa1f-040444934ce1%22%7d%27'

I get 403

{
    "error": {
        "code": "Forbidden",
        "message": "3003: User does not have access to lookup meeting",
        "innerError": {
            "request-id": "b742f6bd-f980-442d-a273-cc5baffa3780",
            "date": "2024-06-06T09:12:26",
            "client-request-id": "b742f6bd-f980-442d-a273-cc5baffa3780"
        }
    }
}

Here you can check my decrypted token

{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/ddf19c03-4218-44a7-b7a8-b8ab152bca3f/",
  "iat": 1717660918,
  "nbf": 1717660918,
  "exp": 1717665953,
  "acct": 0,
  "acr": "1",
  "aio": "ATQAy/8WAAAAhhFegR0O27CAQDJlMEdWLf+HWQdWiG1Tihv+xLMV7V6WuvXte+ne3ScYmV3UMov6",
  "amr": [
    "pwd"
  ],
  "app_displayname": "Outreach Kaia for Teams (Dev)",
  "appid": "9fb30059-30ee-402f-b0f8-da7f00d4cef9",
  "appidacr": "1",
  "idtyp": "user",
  "ipaddr": "91.209.24.237",
  "name": "Alexander2 Hrytsenko",
  "oid": "02639f70-5a78-4457-bfe2-129f6ee921f5",
  "platf": "8",
  "puid": "100320037C6F10AA",
  "rh": "0.AVEAA5zx3RhCp0S3qLirFSvKPwMAAAAAAAAAwAAAAAAAAADQAM0.",
  "scp": "AppCatalog.Read.All AppCatalog.Submit ChannelMessage.Read.All OnlineMeetingArtifact.Read.All OnlineMeetingRecording.Read.All OnlineMeetings.Read OnlineMeetingTranscript.Read.All TeamsAppInstallation.ReadForChat TeamsAppInstallation.ReadWriteAndConsentSelfForChat User.Read profile openid email",
  "signin_state": [
    "kmsi"
  ],
  "sub": "_RHTugL_7-et0ixjHtWC6dYbLaqUJW03c-ioFuNWZtY",
  "tenant_region_scope": "NA",
  "tid": "ddf19c03-4218-44a7-b7a8-b8ab152bca3f",
  "unique_name": "******@testor2023.onmicrosoft.com",
  "upn": "******@testor2023.onmicrosoft.com",
  "uti": "8YlFM_zOlk2bmWJKY9g2AA",
  "ver": "1.0",
  "wids": [
    "b79fbf4d-3ef9-4689-8143-76b194e85509"
  ],
  "xms_st": {
    "sub": "o3sicSf3sZ9bpo09xTqRt_OIG5EDS4Jc65xvqU3p7lE"
  },
  "xms_tcdt": 1700099978
}

Moreover, I can do a following trick: If I copy this join URL to the Teams Calendar,

It will generate a slightly different link, that I can copy:

https://teams.microsoft.com/l/meetup-join/19%3ameeting_NjBmNDY0MjEtNTQ0OS00ZGM0LTgwOTQtZTljMjc0NTc1ZDBl%40thread.v2/0?context=%7b%22Tid%22%3a%22ddf19c03-4218-44a7-b7a8-b8ab152bca3f%22%2c%22Oid%22%3a%2202639f70-5a78-4457-bfe2-129f6ee921f5%22%7d

Now I can access to this meeting (200 response)

curl --location 'https://graph.microsoft.com/v1.0/me/onlineMeetings?%24filter=JoinWebUrl%20eq%20%27https%3A%2F%2Fteams.microsoft.com%2Fl%2Fmeetup-join%2F19%3ameeting_NjBmNDY0MjEtNTQ0OS00ZGM0LTgwOTQtZTljMjc0NTc1ZDBl%40thread.v2%2F0%3Fcontext%3D%7b%22Tid%22%3a%22ddf19c03-4218-44a7-b7a8-b8ab152bca3f%22%2c%22Oid%22%3a%2202639f70-5a78-4457-bfe2-129f6ee921f5%22%7d%27' 

So I am wondering where is the magic, how can I get an access to my own meeting by join web URL that is being generated by Teams Addon for Google Calendar..?

If I decode both links, I can notice that TiD is the same, while OiD is different as well as meeting ID

https://teams.microsoft.com/l/meetup-join/19:meeting_ODFlYWRmMGMtNGQ5MC00NTFhLTllNWYtNmU3ZjY3ZjFmMmI2@thread.v2/0?context={"Tid":"ddf19c03-4218-44a7-b7a8-b8ab152bca3f","Oid":"a48d8206-bf6d-4ea4-aa1f-040444934ce1"}

vs

https://teams.microsoft.com/l/meetup-join/19:meeting_NjBmNDY0MjEtNTQ0OS00ZGM0LTgwOTQtZTljMjc0NTc1ZDBl@thread.v2/0?context={"Tid":"ddf19c03-4218-44a7-b7a8-b8ab152bca3f","Oid":"02639f70-5a78-4457-bfe2-129f6ee921f5"}

P.S. I am logged in to Teams Addon with exact same account that I use for API testing..

Answer 1

Hi @Alexander Hrytsenko

Great to know that the issue has already been resolved and thanks for sharing the solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that the question author cannot accept their own answer. They can only accept answers by others, I'll repost your solution in case you'd like to Accept the answer.

 

Case Title: Forbidden Access to my own Teams Meeting

 

Issue Symptom: How can I get an access to my own meeting by join web URL that is being generated by Teams Addon for Google Calendar..?

 

Resolution: Please use the same account for API and Teams Addon

 

Thanks for your understanding and support.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

---

Answer 2

My bad. I used two different account for API and Teams Addon.