Getting all messages from Microsoft Teams

Question

I'm trying to get all the messages from Microsoft Teams in my tenant, I have registered the application to Azure, set the correct permissions and grated admin privileges.

What I am getting confused about is creating a GraphServiceClient. My app is more of an Daemon Application. I would really appreciate if someone could give me an example of how to create the client correctly.

this is my code so far:

            string[] graphScopes = { "https://graph.microsoft.com/.default" };
            IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create("x")
            .WithTenantId("x")
            .WithClientSecret("x")
            .Build();

            ClientCredentialProvider authProvider = new ClientCredentialProvider(app);
            GraphServiceClient graphClient = new GraphServiceClient(authProvider);
            try
            {
                var messages = await graphClient.Teams["x"].Channels["x@thread.skype"].Messages.Request().GetAsync();
                Console.ReadLine();
                foreach(var item in messages)
                {
                    Console.WriteLine(item.Body);
                }
            }
            catch(Exception e)

            {
                Console.WriteLine(e.Message);
                Console.Read();
            }

I'm getting the following error no matter what I'm trying to get Code: UnknownError Inner error: AdditionalData: request-id: x date: 2020-05-27T14:22:37 ClientRequestId:x

update: I was able to get something from the API, I had wrong permissions. still can't get the messages though, I have all these permission: ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All I'm probably missing the "ChannelMessage.Read.Group (RSC)" permission but I can't find it in the permissions page.

Answer 1

May this is the solution or the problem ;-)

Microsoft Teams APIs in Microsoft Graph that access sensitive data are considered protected APIs. These APIs require that you have additional validation, beyond permissions and consent, before you can use them.

https://learn.microsoft.com/en-us/graph/teams-protected-apis

Answer 2

Your problem is you are accessing a "beta" api but using the production base url path.

The permission you need is ANY of the following (i.e. or not and):

• ChannelMessage.Read.Group (RSC) OR
• ChannelMessage.Read.All OR
• Group.Read.All OR
• Group.ReadWrite.All

Since you have Group.Read.All, that is ALL you need for permissions.

What you need to do is change the base URL to the beta api:

graphClient.BaseUrl = "https://graph.microsoft.com/beta";

UPDATED:

Since now you are saying that you are getting a "Forbidden" error, I think you also have a consent problem.

My guess is that you created & consented you app on one tenant but you are trying to access the data in another tenant. This will give you a forbidden errors. i.e. you created and consented on a dev azure account tenant and are trying to access your work tenant.

If this is the situation you need to: * Make sure that the setup you azure app to be multi-tenanted * You have to get your app consented by the target tenant

If you do that and use the beta endpoint I would expect that your example code will start working.

Update2:

Finally got around to trying to do the message list with a application context like you above and I get the same Forbidden error as well from the beta api. From a user context it works fine. So your answer will be to use a user context and not an application context to access this API.

It looks like what you are hitting is a Protected API. So if you want to use this API from an application context, you will have to submit a request to be allowed access to it.