none
Group conversation - delegated permission RRS feed

  • Question

  • Hi,

    I have a requirement to read all Group conversations of my domain. I have an app registered that has both 'Delegated Permissions' and 'Application Permissions' for 'Group.Read.All'. Admin of the domain authorizes the application. 

    After the authorization, I use below 'client credentials' method to generate access token in order to access the '/groups/id/conversations'.

    token_url='https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token'
    head={
    "Content-Type": "application/x-www-form-urlencoded"
    }
    parameters={
    "client_id":{client_id},
    "client_secret":{client_secret},
    "tenant_id":{tenant_id},
    "scope":"https://graph.microsoft.com/.default",
    "grant_type":"client_credentials"
    }

    I am able to receive the access token and able to successfully use against Mail and OneDrive. But only when I use it to access conversations, I get below error.

    https://graph.microsoft.com/v1.0/groups/{id}/conversations

    Authorization: Bearer {Access Token Received above }

    {

      "error": {
        "code": "ErrorAccessDenied",
        "message": "Access is denied. Check credentials and try again.",
        "innerError": {
          "request-id": "1852039a-71c6-4c93-a98f-85a2e9ecc374",
          "date": "2018-06-25T03:57:44"
        }
      }
    }

    From what I read from the documentation, 'conversations' is not available for Application permissions and allowed only as 'Delegated Permissions'.

    Since my application has both 'Delegated' and 'Application', I wonder what else I miss ? Anyone has any idea?

    Thanks!


    Monday, June 25, 2018 4:01 AM