I'm having trouble retrieving user data in Microsoft Teams using the TeamsInfo.getMember method from BotBuilder. The request returns an "Unauthorized" error.

Question

I'm having trouble retrieving user data in Microsoft Teams using the TeamsInfo.getMember method from BotBuilder. The request returns an "Unauthorized" error.

Mateus Epifanio Linhares 5

Hello,

I developed a chatbot using BotBuilder, and at one stage of the flow, I implemented a module responsible for collecting user data.

import { TeamsInfo, TurnContext } from "botbuilder";
import { UserValidator } from "./validateUser.js";
import { userStateInfo } from "../../dto/interfaceInfoUserState.js";
export class UserService {
    static async getValidateUser(context: TurnContext): Promise<userStateInfo> {
        const member = await TeamsInfo.getMember(context, context.activity.from.id);
        const user = UserValidator.validate(member);
            
        return user;
    }
}

Previously, I was using this same method within the Azure Bot Service, which allowed me to specify whether the bot was multi-tenant or single-tenant, without requiring any additional permission configurations or further setup.

However, after Microsoft’s recent update, I started encountering the following errors:

[onTurnError] unhandled error: UserDataError: Error invalid user: RestError: Authorization has been denied for this request.
RestError: Authorization has been denied for this request. 
 {
  "name": "RestError",
  "statusCode": 401,
  "details": {
    "message": "Authorization has been denied for this request."
  },

The errors are occurring precisely at the step where I retrieve the user's information. At this point in the flow, I have a piece of code that handles authentication using BotBuilder, and the authentication itself completes successfully.

import {
    CloudAdapter,
    ConfigurationServiceClientCredentialFactory,
    createBotFrameworkAuthenticationFromConfiguration
} from 'botbuilder';
import { env } from '../env.js'

const credentialsFactory = new ConfigurationServiceClientCredentialFactory({
    MicrosoftAppId: env.MicrosoftAppId,
    MicrosoftAppPassword: env.MicrosoftAppPassword,
    MicrosoftAppType: "MultiTenant"
});

const botFrameworkAuthentication = createBotFrameworkAuthenticationFromConfiguration(null, credentialsFactory);

const adapter = new CloudAdapter(botFrameworkAuthentication);
const streamingAdapter = new CloudAdapter(botFrameworkAuthentication)

const onTurnErrorHandler = async (context, error) => {
    console.error(`\n [onTurnError] unhandled error: ${ error }`);

    await context.sendTraceActivity(
        'OnTurnError Trace',
        `${ error }`,
        'https://www.botframework.com/schemas/error',
        'TurnError'
    );

    await context.sendActivity('The bot encountered an error or bug.');
    await context.sendActivity('To continue to run this bot, please fix the bot source code.');
};

adapter.onTurnError = onTurnErrorHandler;
streamingAdapter.onTurnError = onTurnErrorHandler;

export { adapter, streamingAdapter };

Is it possible that I'm missing a configuration step?

Here's what I’ve done so far:

Created the Azure Bot Service.

Set up the communication channels with Microsoft Teams.

In Azure Entra ID, I assigned the required permissions (as shown in the attached image) and generated the client secret to use in the source code.

In the Microsoft Teams Developer Portal, I configured the bot application using the service’s App ID.

Could you please let me know if there’s anything else I need to configure? I’m wondering if I may be missing a crucial step.

0 comments

1 answer

Your answer

Answer 1

Alex Burlachenko 22,120 MVP Volunteer Moderator

Mateus Epifanio Linhares hi,

your code and setup look correct, which means the issue is almost certainly with the api permissions for your azure ad app registration.

the TeamsInfo.getMember call requires a specific permission that might have been reset or changed during the recent microsoft update. your bot needs the User.Read.All application permission to read user profiles in teams.

go to the azure portal and find the app registration for your bot. under 'manage', go to 'api permissions'.

check if the User.Read.All permission from microsoft graph is present. it must be an application permission, not a delegated permission.

if it is not there, you need to add it. click 'add a permission', select 'microsoft graph', then 'application permissions', and find User.Read.All in the 'user' section. add it.

after adding the permission, you must grant admin consent for it. there will be a button for this next to the permission. without admin consent, the permission is not active.

once the permission is granted, wait a few minutes for the change to propagate, and then test your bot again. the 401 unauthorized error should be resolved.

try to verify your bot's app registration has the User.Read.All application permission from microsoft graph and that admin consent has been granted.

regards,

Alex

and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer

https://ctrlaltdel.blog/

Mateus Epifanio Linhares 5

I added the User.Read.All permission in Applications and granted the required consent. However, I’m still getting the following error:

RestError: Authorization has been denied for this request.

{

"name": "RestError",

"statusCode": 401,

"details": {

"message": "Authorization has been denied for this request."

},

"request": {

"url": "https://smba.trafficmanager.net/amer/24ff4a29-e5c2-4481-8e46-6901ad0b6042/v3/conversations/a%3A10SfjWJ/members/29%3A1kr6yQ",

"headers": {

  "accept-encoding": "gzip,deflate",

  "user-agent": "botframework-connector/4.0.0 Microsoft-BotFramework/3.1 botframework-connector/4.23.3   core-rest-pipeline/1.22.0 Node/24.7.0 OS/(x64-Windows_NT-10.0.26100)",

  "x-ms-client-request-id": "5a1d0b",

  "accept": "*/*",

  "authorization": "REDACTED"

},

"method": "GET",

"timeout": 0,

"disableKeepAlive": false,

"streamResponseStatusCodes": {},

"withCredentials": false,

"requestId": "5b",

"allowInsecureConnection": false,

"enableBrowserStreams": false

}

Mateus Epifanio Linhares 5

And the worst part is that not even the message intended for the bot is being forwarded in this step I’m using.

 this.onMessage(async (context, next) => {
            console.log("FROM ID:", context.activity.from.id);
            console.log("ACTIVITY:", context.activity);
            try {
                const profile = await this.dispatcher.getHandler(context, 'user');
                await context.sendActivity(`Olá ${profile.name}`);
            } catch (err: any) {
                console.log(err)
                throw new UserDataError(`Error invalid user: ${err}`, err as Error);
            }

            await next();
        });

Mateus Epifanio Linhares 5 Reputation points

2025-10-02T19:12:56.95+00:00

Actually, my question has changed. After reviewing the situation this morning, I realized that it's no longer possible to configure the bot as multi-tenant, since this functionality has been discontinued. Currently, it can only be created as single-tenant or identity.

That said, my question now is: given that my bot is configured as single-tenant, how can users from other tenants use my bot application in Microsoft Teams?
Manas Mohanty 17,185 Reputation points Microsoft External Staff Moderator

2025-10-03T11:15:16.9733333+00:00

Hi Mateus Epifanio Linhares

Once the single tenant app is published to app store other tenants can consume it too.

Reference - https://learn.microsoft.com/en-us/answers/questions/2286498/teams-chatbot-multi-tenants-deployed

Thank you

Share via

I'm having trouble retrieving user data in Microsoft Teams using the TeamsInfo.getMember method from BotBuilder. The request returns an "Unauthorized" error.

1 answer

Your answer