0

We have created MS Teams application using fluent UI with Tab capability. We are performing few action like sending adaptive card to person/channel and creating tab with website link.

Application is started showing error while we click on the ADD while running in local environment.

After clicking on Add it call API https://teams.microsoft.com/api/mt/part/emea-03/beta/users/apps/definitions/appPackage which is failing with error code 400 with below response.

{"errorCode":"InvalidResourceSpecificPermission"}

While checking permissions we have following entries in the manifest.json

"authorization": {
    "permissions": {
        "resourceSpecific": [
            { "type": "Application", "name": "People.Read.All" },
            { "type": "Application", "name": "Chat.Create" },
            { "type": "Application", "name": "TeamsTab.ReadWrite.All" }
        ]
    }
},

I checked with documentation and found this permissions are correct. Kindly help us to resolve this issue as its blocking our development.

Shabbir Dhangot
  • 8,954
  • 10
  • 58
  • 80

2 Answers2

2

The permissions you've listed there are Graph permissions (e.g. see here which lists TeamsTab.ReadWrite.All). As per the schema, you are trying to use these in the resourceSpecific list, which requires Resource-specific consent permissions instead. See here for the options: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent

Hilton Giesenow
  • 9,809
  • 2
  • 10
  • 24
  • I have removed TeamsTab permission but it didn't help. Can you guide what all permission is allowed as resourceSpecific list – Shabbir Dhangot Jun 25 '22 at 16:26
  • Also if I remove from here where I need to add this. I am kind of new developing microsoft apps. Can you help me with some good tutorial where it explain this things. – Shabbir Dhangot Jun 25 '22 at 16:34
  • TeamsTab was just an example - all 3 of your permissions are incorrectly Graph permissions. The allowed permissions are in the link I posted already, in my original answer. – Hilton Giesenow Jun 25 '22 at 18:12
0

Just as Hilton said, you can only use the Resource-specific consent permissions listed here: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent.

If you want to use Graph permission, you can follow the steps below:

  1. Change the permissions in templates\appPackage\aad.template.json file:

     "requiredResourceAccess": [
     {
         "resourceAppId": "Microsoft Graph",
         "resourceAccess": [
             {
                 "id": "People.Read.All",
                 "type": "Role"
             },
             {
                 "id": "People.Read.All",
                 "type": "Role"
             },
             {
                 "id": "TeamsTab.ReadWrite.All",
                 "type": "Role"
             }
         ]
     }
 ],

  2. Update remote AAD app permission through deploy command: enter image description here

  3. Copy client id and client secret from AAD portal enter image description here

  4. Follow the steps to get access token https://learn.microsoft.com/en-us/graph/auth-v2-service#4-get-an-access-token

Other reference:

How do I get a Graph API token with higher permission than the user?

https://github.com/OfficeDev/TeamsFx/issues/5314

SLdragon
  • 1,477
  • 16
  • 19