Getting 403 forbiddon error while creating Teams Meeting Link

asked 2021-04-21T19:23:50.557+00:00
Abhishek Sharma 1 Reputation point

I am using @azure/msal node module to get token and then create teams meeting link in nodeJS without user intervention using the following graph API endpoint:-
https://graph.microsoft.com/v1.0/users/{userId}/onlineMeetings

Below is my JWT token:-
{
"typ": "JWT",
"nonce": "R3hGCTGPk5fX2HocruYlNj00SM8zazby7TLKSmwwDTg",
"alg": "RS256",
"x5t": "nOo3ZDrODXEK1jKWhXslHR_KXEg",
"kid": "nOo3ZDrODXEK1jKWhXslHR_KXEg"
}.{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/487aa7ef-6b12-41b3-9622-af6c9f159a88/",
"iat": 1619029274,
"nbf": 1619029274,
"exp": 1619033174,
"aio": "E2ZgYJjnuPRg4y25RzJFO+c1qi4SAwA=",
"app_displayname": "ScheduleMeeting",
"appid": "399487f8-fd76-468b-920c-f2cc35780c15",
"appidacr": "1",
"idp": "https://sts.windows.net/487aa7ef-6b12-41b3-9622-af6c9f159a88/",
"idtyp": "app",
"oid": "9c45a357-8096-4814-9818-99d41afee819",
"rh": "0.AXEA76d6SBJrs0GWIq9snxWaiPiHlDl2_YtGkgzyzDV4DBVxAAA.",
"roles": [
"TeamSettings.ReadWrite.All",
"TeamMember.Read.All",
"Teamwork.Migrate.All",
"TeamsApp.Read.All",
"OnlineMeetings.ReadWrite.All",
"TeamsApp.ReadWrite.All",
"TeamMember.ReadWrite.All",
"Team.ReadBasic.All",
"TeamSettings.Read.All"
],
"sub": "9c45a357-8096-4814-9818-99d41afee819",
"tenant_region_scope": "AS",
"tid": "487aa7ef-6b12-41b3-9622-af6c9f159a88",
"uti": "-BFe2M9nNU-fc2oLypYDAA",
"ver": "1.0",
"xms_tcdt": 1609298167
}.[Signature]

this is my supported account type:-

90047-screenshot-158.png

these are my permissions:-

90048-screenshot-159.png

Microsoft Graph Teamwork API
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2021-04-22T12:04:37.38+00:00
    Diana Wanjuhi 1,371 Reputation points Microsoft Employee

    Hello @Abhishek Sharma from the create Online meeting documentation, there is an additional requirement when using application permissions - your administrator must create an application access policy and grant it to a user, authorizing the app configured in the policy to create an online meeting on behalf of that user (user ID specified in the request path). Please see documentation on configuring an application access policy to access online meetings with application permissions.

    Let me know if this helps and if you have further queries,

    Diana.