Reputation: 9121
MS Teams: Getting Error "Please check the values of authorisation.permissions.resourceSpecific."
We have created MS Teams application using fluent UI with Tab capability. We are performing few action like sending adaptive card to person/channel and creating tab with website link.
Application is started showing error while we click on the ADD while running in local environment.
After clicking on Add it call API https://teams.microsoft.com/api/mt/part/emea-03/beta/users/apps/definitions/appPackage which is failing with error code 400 with below response.
{"errorCode":"InvalidResourceSpecificPermission"}
While checking permissions we have following entries in the manifest.json
"authorization": {
"permissions": {
"resourceSpecific": [
{ "type": "Application", "name": "People.Read.All" },
{ "type": "Application", "name": "Chat.Create" },
{ "type": "Application", "name": "TeamsTab.ReadWrite.All" }
]
}
},
I checked with documentation and found this permissions are correct. Kindly help us to resolve this issue as its blocking our development.
Upvotes: 0
Views: 659
Answers (2)
Reputation: 1627
Just as Hilton said, you can only use the Resource-specific consent permissions listed here: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent.
If you want to use Graph permission, you can follow the steps below:
Change the permissions in
templates\appPackage\aad.template.jsonfile:"requiredResourceAccess": [ { "resourceAppId": "Microsoft Graph", "resourceAccess": [ { "id": "People.Read.All", "type": "Role" }, { "id": "People.Read.All", "type": "Role" }, { "id": "TeamsTab.ReadWrite.All", "type": "Role" } ] } ],Update remote AAD app permission through deploy command:
Copy client id and client secret from AAD portal
Follow the steps to get access token https://learn.microsoft.com/en-us/graph/auth-v2-service#4-get-an-access-token
Other reference:
How do I get a Graph API token with higher permission than the user?
https://github.com/OfficeDev/TeamsFx/issues/5314
Upvotes: 0
Reputation: 10804
The permissions you've listed there are Graph permissions (e.g. see here which lists TeamsTab.ReadWrite.All). As per the schema, you are trying to use these in the resourceSpecific list, which requires Resource-specific consent permissions instead. See here for the options: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent
Upvotes: 2
Related Questions
- MS Graph Api missing permissions
- Having issue with Microsoft Teams access policy - New-CsApplicationAccessPolicy
- Status Code: Forbidden; Reason: The request is not authorized for this user or application
- Unable to access Microsoft Graph API's
- Error 7505 - Request Authorization Tenant Mismatch
- Create a teams team error when using Microsoft graph api
- Not able to add certain Graph API Permissions
- Access Denied when querying Teams in Microsoft Graph
- Getting "Authorization has been denied for this request." when attempting to create a channel in Teams
- Microsoft Teams (beta) API: Looks like you may not have the permissions for this call. Please modify your permissions