Not able to get Transcript content through Graph API

Question

From here, we are tried to calling the Graph API for getting transcript content.

Useful information:

MicrosoftAppType=MultiTenant
MicrosoftAppId=2dacff5b-9494-45b4-90f1-df6953d401aa
MicrosoftAppTenantId=91e213e9-498d-46b9-bc35-cd0aa9390b45

SubscriptionId=1106df7f-3a2b-4b98-80ff-7ab8738177d

MeetingID=MSpiYTc2OWFjOC0wOTc1LTRiOTctYTlmOS03NWFlYzZiNjEwMDQqMCoqMTk6bWVldGluZ19OV1ZsTmpoaU9Ua3RNV000WWkwME1HSmhMV0ZoT1RZdE0yUmlObVk0WmpnMk9HUTVAdGhyZWFkLnYy

TranscriptID=VjIjIzFiYTc2OWFjOC0wOTc1LTRiOTctYTlmOS03NWFlYzZiNjEwMDQ5MWUyMTNlOS00OThkLTQ2YjktYmMzNS1jZDBhYTkzOTBiNDUwNDAwMDAwMDgyMDBFMDAwNzRDNUI3MTAxQTgyRTAwODAwMDAwMDAwNDQ4MzI0ZjY2ZGQyZGEwMTAwMDAwMDAwMDAwMDAwMDAxMDAwMDAwMGEzMWUzOWY1MDhhZWM5NGVhZWM2ZDlkYzEwMjIzNWQ3IyMwZjM1MWUxNy1mMjRjLTRiZmUtYTM4NC0zZDdmN2ZmODliMzE=
 

Application/RSC permission (we have added required permission in manifest)

Firstly we have created GraphClient with our application credentials as follows:

// @azure/identity
const credential = new ClientSecretCredential(
    process.env.MicrosoftAppTenantId,
    process.env.MicrosoftAppId,
    process.env.MicrosoftAppPassword
);

// @microsoft/microsoft-graph-client/authProviders/azureTokenCredentials
const authProvider = new TokenCredentialAuthenticationProvider(credential, {
    // The client credentials flow requires that you request the
    // /.default scope, and pre-configure your permissions on the
    // app registration in Azure. An administrator must grant consent
    // to those permissions beforehand.
    scopes: ['https://graph.microsoft.com/.default']
});


const graphClient = Client.initWithMiddleware({ authProvider: authProvider });

Also we have created subscription successfully with following code:

const transcriptSubscription = {
        changeType: 'created',
        notificationUrl: 'https://6ebd-2405-201-1021-7808-298c-d664-4dae-fff3.ngrok-free.app/notificationClient',
        lifecycleNotificationUrl: 'https://6ebd-2405-201-1021-7808-298c-d664-4dae-fff3.ngrok-free.app/api/lifecycleNotifications',
        resource: 'communications/onlineMeetings/getAllTranscripts?useResourceSpecificConsentBasedAuthorization=true',
        includeResourceData: true,
        encryptionCertificate: '{valid certificate}',
        encryptionCertificateId:'{validId}
        expirationDateTime: '2024-07-11T11:00:00.0000000Z',
        clientState: '{secretClientState}'
    };

  await graphClient.api('/subscriptions')
        .post(transcriptSubscription).then((res) => {
console.log('Subscription:', res);
        }).catch((err) => {
            console.log('Error:', err);
        });

This code results into creating valid subscription

res: {
  '@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#subscriptions/$entity',
  id: '1106df7f-3a2b-4b98-80ff-7ab8738177d9',
  resource: 'communications/onlineMeetings/getAllTranscripts?useResourceSpecificConsentBasedAuthorization=true',
  applicationId: '2dacff5b-9494-45b4-90f1-df6953d401aa',
  changeType: 'created',
  clientState: '{secretClientState}',
  notificationUrl: 'https://6ebd-2405-201-1021-7808-298c-d664-4dae-fff3.ngrok-free.app/notificationClient',
  notificationQueryOptions: null,
  lifecycleNotificationUrl: 'https://6ebd-2405-201-1021-7808-298c-d664-4dae-fff3.ngrok-free.app/api/lifecycleNotifications',
  expirationDateTime: '2024-07-11T11:00:00Z',
  creatorId: 'b3d2c52d-3d02-43bf-bd27-6408d62af8a1',
  includeResourceData: true,
  latestSupportedTlsVersion: 'v1_2',
 // Other data
}

we are listening on tenant so the events are getting received as expected:

subscriptionId: '1106df7f-3a2b-4b98-80ff-7ab8738177d9',
  changeType: 'created',
  clientState: '{secretClientState}',
  subscriptionExpirationDateTime: '2024-07-11T11:00:00+00:00',
  resource: "communications/onlineMeetings('MSpiYTc2OWFjOC0wOTc1LTRiOTctYTlmOS03NWFlYzZiNjEwMDQqMCoqMTk6bWVldGluZ19OV1ZsTmpoaU9Ua3RNV000WWkwME1HSmhMV0ZoT1RZdE0yUmlObVk0WmpnMk9HUTVAdGhyZWFkLnYy')/transcripts('VjIjIzFiYTc2OWFjOC0wOTc1LTRiOTctYTlmOS03NWFlYzZiNjEwMDQ5MWUyMTNlOS00OThkLTQ2YjktYmMzNS1jZDBhYTkzOTBiNDUwNDAwMDAwMDgyMDBFMDAwNzRDNUI3MTAxQTgyRTAwODAwMDAwMDAwNDQ4MzI0ZjY2ZGQyZGEwMTAwMDAwMDAwMDAwMDAwMDAxMDAwMDAwMGEzMWUzOWY1MDhhZWM5NGVhZWM2ZDlkYzEwMjIzNWQ3IyMwZjM1MWUxNy1mMjRjLTRiZmUtYTM4NC0zZDdmN2ZmODliMzE=')",
// Other data

When we are trying to call content API we are getting error

 await graphClient
            .api(`users/${ process.env.MicrosoftAppId }/onlineMeetings/${ meetingId }/transcripts/${ transcriptId }`)
           
            .get()
            .then((dataFromResponse) => {
                console.log('### dataFromResponse:', dataFromResponse);
            })
            .catch((error) => {
                console.log('### error:', error);
            });

We receive error response as follows

body: `{"code":"Forbidden","message":"Application is not allowed to perform operations on the user '2dacff5b-9494-45b4-90f1-df6953d401aa', neither is allowed access through RSC permission evaluation.","innerError":{"date":"2024-07-10T02:45:09","request-id":"81fbbe48-d368-41d0-b5ab-f1a3e59f237a","client-request-id":"34e6cbfd-a622-0969-e57e-cc9c3c4e04c0"}}`,

Let me know what are we doing wrong here, also my application is contributor to Subscription, we also tried with "beta" version but result is same.

Answer 1

From here, I guess application policy was not added properly,

Also you are calling this Graph API Endpoint for getting transcript right? --> GET /users/{userId}/onlineMeetings/{meetingId}/transcripts/{transcriptId} I am seeing that you are using "process.env.MicrosoftAppId" instead of using userID. You must use the same userID by which you have granted the access policy.

Hope this helps!