Status Code: Forbidden; Reason: The request is not authorized for this user or application

Question

I am trying to subscribe to Microsoft Teams Presence API for a particular user.

Request Url:

https://graph.microsoft.com/beta/subscriptions

Request Body

{ 
  'changeType': 'created,updated', 
  'notificationUrl': 'https://<domain-name>/presence-notify/', 
  'resource': '/communications/presences/{id}',
  'expirationDateTime': '2020-09-10T07:37:13Z', 
  'clientState': 'secretClientState' 
}

Response

{
  "error": {
    "code": "ExtensionError",
    "message": "Operation: Create; Exception: [Status Code: Forbidden; Reason: The request is not authorized for this user or application.]",
    "innerError": {
      "date": "2020-09-09T11:27:27",
      "request-id": "c563f94d-3c10-4c09-be35-0d1993d9a112"
    }
  }
}

The following delegated permissions were requested and granted by admin:

• Presence.Read
• Presence.Read.All

Client Certificate Pic

Answer 1

Finally i am able to solve the issue. As the error mentioned The request is not authorized for this user or application. So i thought there might be an issue with Access Token. Actually i was calling API on behalf of App i.e token with grant_type as client_credentials. Rather i should have called API on behalf of User i.e token with grant_type as password as it is clearly mentioned in documentation that permissions are delegated. I didn't use any encryptionCertificate still subscription was successful.

Answer 2

You need to specify the encryptionCertificate. From the documentation:

presence subscriptions require encryption. Subscription creation will fail if encryptionCertificate is not specified.