Hi Team,
We are using a multi-tenant app registration for our chatbot. The bot has users from different tenants, and we were able to use a single app registration for the delegated MS Graph permissions. While signing in, users from other tenants get the 'Accept' button, and on successful sign-in the bot was able to validate the users using the token.
Currently, we have added a few application permissions for accessing the MS permissions to schedule meetings and to get the presence of the user. We have upgraded the Graph NuGet package to the latest version and made changes accordingly.
We were able to get the presence and schedule meetings with users who are in the tenant where the app registration is created.
For users in other tenants, we are getting invalid user exceptions.
While creating the Graph client we used the tenant id where the app registration is created, and we got the exception "Failed to execute GetChildThreadsV2Async."
We also created the Graph client using the tenant id of another customer who is using the same app registration, and got the exception below:
Missing role permissions on the request. API requires one of 'ChannelSettings.Read.All, Channel.ReadBasic.All, ChannelSettings.ReadWrite.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All, ChannelSettings.Read.Group, ChannelSettings.Edit.Group, ChannelSettings.ReadWrite.Group'. Roles on the request ''. Resource specific consent grants on the request ''.
Below is the code used (shared by the MS team):
using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "<tenant id where app registration is created>";
// Values from app registration
var clientId = "clientid";
var clientSecret = "secret";
var options = new TokenCredentialOptions { AuthorityHost = AzureAuthorityHosts.AzurePublicCloud };
// App-only (client credentials) credential bound to the tenant id above
var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
Please find the permission details in the actual app registration and in the enterprise application added in the other tenant.
Actual app registration permissions:
Same app registration in enterprise application of other tenants:
Admin Consent tab:
User Consent tab: Shows all the delegated permissions added.
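A diagnostic for the "Roles on the request ''" error quoted above, as an added example that is not part of the original post or Microsoft's code: it decodes an app-only access token and checks the `tid` (issuing tenant) and `roles` (consented application permissions) claims against the tenant being queried. The class and method names are hypothetical, the tenant ids and the unsigned token are constructed samples, and `Group.Read.All` is taken from the error message.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

public static class AppTokenCheck // hypothetical helper, not a Graph SDK type
{
    // Decode the payload segment of a JWT without verifying the signature (diagnostics only).
    public static JsonElement DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // List the reasons an app-only call against targetTenantId would carry no usable role.
    public static List<string> Diagnose(string jwt, string targetTenantId, string requiredRole)
    {
        var problems = new List<string>();
        var payload = DecodePayload(jwt);
        var tid = payload.TryGetProperty("tid", out var t) ? t.GetString() : null;
        if (!string.Equals(tid, targetTenantId, StringComparison.OrdinalIgnoreCase))
            problems.Add($"token tid '{tid}' is not the target tenant '{targetTenantId}'");
        var roles = new List<string>();
        if (payload.TryGetProperty("roles", out var r) && r.ValueKind == JsonValueKind.Array)
            foreach (var x in r.EnumerateArray()) roles.Add(x.GetString() ?? "");
        if (roles.Count == 0)
            problems.Add("no 'roles' claim: no application permission is consented in the issuing tenant");
        else if (!roles.Contains(requiredRole))
            problems.Add($"role '{requiredRole}' missing; token has: {string.Join(", ", roles)}");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: unsigned token from the home tenant with no roles claim.
        const string home = "11111111-1111-1111-1111-111111111111";
        const string customer = "22222222-2222-2222-2222-222222222222";
        var json = $"{{\"tid\":\"{home}\",\"appid\":\"constructed-client-id\"}}";
        var seg = Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        foreach (var p in Diagnose($"e30.{seg}.sig", customer, "Group.Read.All"))
            Console.WriteLine(p);
    }
}
```

With the constructed token, both checks fire: the tenant mismatch and the missing `roles` claim.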