Teams Tab application permission delegated version of Chat.Read.All permissions

James Naadjie 20 Reputation points
2023-03-14T20:40:16.79+00:00

Our team is working on a teams tab application, and are running into a permissions issue. The application to request to

"https://graph.microsoft.com/v1.0/chats/19:78ffb8ec-1d0a-4732-b2cf-e4bc5d27d79c_f696a47b-8d45-4280-9f7f-02eccc265424@unq.gbl.spaces/members"

Returns the following error:

{"error":{"code":"Forbidden","message":"Missing role permissions on the request. API requires one of 'ChatMember.Read.WhereInstalled, ChatMember.ReadWrite.WhereInstalled, Chat.ReadBasic.WhereInstalled, Chat.Read.WhereInstalled, Chat.ReadWrite.WhereInstalled, ChatMember.Read.All, Chat.ReadBasic.All, Chat.Read.All, ChatMember.ReadWrite.All, Chat.ReadWrite.All, ChatMember.Read.Chat, Chat.Manage.Chat'
Resource specific consent grants on the request 

Is there an equivalent Chat.Read.All delegated permission we can use, instead of the resource specific, application permission?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,504 questions
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
3,401 questions
0 comments No comments
{count} votes

Accepted answer
  1. HarmeetSingh7172 4,816 Reputation points
    2023-03-14T23:34:43.6333333+00:00

    Hello James Naadjie,

    Thanks for reaching out.

    Based on the description, it seems like you are looking for an equivalent delegated permission in MS graph API that can be used for the Chat.Read.All application permission. The Chat.Read.All application permission is only available as an application permission, which requires an application to be configured with admin consent.

    Delegated permissions are used to access resources that the signed-in user has consented to. There are some delegated permissions that can be used with a Teams tab application, such as Chat.Read, Chat.ReadBasic, Chat.ReadWrite. These permissions allow the application to read and write messages in the signed-in user's chat conversations and channels.

    However, in your use-case, API requires role permissions on the request that would either be fulfilled by an application permission or a resource specific permission.

    Refer below links for better understanding:

    Intro to Permissions and Consent: https://learn.microsoft.com/en-us/azure/active-directory/develop/permissions-consent-overview

    Resource Specific Consent:

    https://learn.microsoft.com/en-us/microsoftteams/resource-specific-consent

    https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.