0

I am making an application for Microsoft Teams.

Must get the teams in Microsoft Teams that the user is a direct member of. If I use the same email under which I registered the application in Active Directory, then getting the list on request to /me/joinedTeams is not difficult. However, if I am using someone else's Teams account, I get an UnknownError when requesting /me/joinedTeams.

I noticed that after consent and authorization in the Microsoft Graph, the user has a token shorter than mine.

However, it works with other endpoints (/me and /drive/root). Permissions are exposed in accordance with the documentation.

Permissions:

Directory.Read.All
Directory.ReadWrite.All
email
Files.Read
Files.Read.All
Files.Read.Selected
Group.Read.All
Group.ReadWrite.All
offline_access
openid
profile
Team.ReadBasic.All
TeamsAppInstallation.ReadWriteSelfForChat.All
TeamsAppInstallation.ReadWriteSelfForTeam.All
TeamsAppInstallation.ReadWriteSelfForUser.All
TeamSettings.Read.All
TeamSettings.ReadWrite.All
User.Read
User.Read.All
User.ReadWrite.All

enter image description here

Uolary
  • 91
  • 2
  • 7
  • Are you using a personal accounts? – Shiva Keshav Varma Mar 05 '21 at 02:06
  • Yes, I'm using a personal account for testing @ShivaKeshavVarma – Uolary Mar 05 '21 at 06:43
  • `me/JoinedTeams` doesn't support [Personal Accounts](https://learn.microsoft.com/en-us/graph/api/user-list-joinedteams?view=graph-rest-1.0&tabs=http#permissions) – Shiva Keshav Varma Mar 05 '21 at 06:49
  • But works on `/me` and `/drive/root` because they are supported for personal accounts. – Shiva Keshav Varma Mar 05 '21 at 06:50
  • Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions. See https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work – Shiva Keshav Varma Mar 05 '21 at 06:57
  • But when I send a request to /me/drive/root/search(q='') I get a 403 response with an accessDenied error Although I have set all the permissions that are described in the documentation for this endpoint @ShivaKeshavVarma – Uolary Mar 05 '21 at 07:00
  • Is this happening only with personal accounts? – Shiva Keshav Varma Mar 05 '21 at 07:48
  • Yes, this only happens with personal accounts @ShivaKeshavVarma – Uolary Mar 05 '21 at 08:10
  • Can you check if your access token has the [required permission](https://learn.microsoft.com/en-us/graph/api/driveitem-search?view=graph-rest-1.0&tabs=http#permissions)? – Shiva Keshav Varma Mar 05 '21 at 08:33
  • I checked, all permissions from this documentation are in the appendix @ShivaKeshavVarma – Uolary Mar 05 '21 at 08:37
  • Could you please share the screenshots of those permissions you assigned and the code that you used for making this graph call. – Shiva Keshav Varma Mar 05 '21 at 09:26
  • Screenshots of permissions - https://i.imgur.com/qFWA660.png I make requests in Postman.- https://i.imgur.com/lMFnBi2.png @ShivaKeshavVarma – Uolary Mar 05 '21 at 11:20
  • Ok, use that bearer token and put it in https://jwt.ms to see if the you has permission in it or not. – Shiva Keshav Varma Mar 05 '21 at 12:16
  • I noticed that the tokens of a private user and account organizational directory differ. Private account - https://i.imgur.com/Fipbpog.png Account organizational directory - https://i.imgur.com/wz9WWrh.png @ShivaKeshavVarma – Uolary Mar 05 '21 at 12:42
  • Yes, AFAIK the personal account token comes from live.com, where as for organization the Azure AD sends the access token. – Shiva Keshav Varma Mar 05 '21 at 12:54
  • I also noticed that the length of the token from a private user is shorter than from account organizational directory @ShivaKeshavVarma – Uolary Mar 05 '21 at 13:09
  • Yes, it is true!! And you can see the idp claim as live in personal accounts. – Shiva Keshav Varma Mar 05 '21 at 13:36

1 Answers1

0

Here you are getting the error because the /me/joinedTeams doesn't support personal accounts. See this document.

It works for /me and /drive/root because it supports personal accounts. See this document and this document.

Shiva Keshav Varma
  • 3,398
  • 2
  • 9
  • 13