Forum Discussion
209 Invoke Validation Failed - Different Chat Contexts
Hi there,
I have a strange issue.
When using Teams (occurs in both Desktop and Web clients), I get this error when trying to call one of our APIs from an Adaptive Card:
{
"errorCode": 0,
"message": "Invoke validation failed. User forbidden to perform action",
"standardizedError": {
"errorCode": 209,
"errorSubCode": 1,
"errorDescription": "Invoke validation failed. User forbidden to perform action"
}
}
It only happens when in a 1:1 chat and a group chat context. The error does not happen when interacting with the bot directly.
Here is the manifest:
{
"$schema":"https://developer.microsoft.com/en-us/json-schemas/teams/v1.16/MicrosoftTeams.schema.json",
"manifestVersion":"1.16",
"version":"1.2.0",
"id":"{{.AppID}}",
"localizationInfo":{
"defaultLanguageTag":"en-gb",
"additionalLanguages":[
]
},
"developer":{
"name":"REDACTED",
"websiteUrl":"REDACTED",
"privacyUrl":"REDACTED",
"termsOfUseUrl":"REDACTED"
},
"icons":{
"color":"color.png",
"outline":"outline.png"
},
"name":{
"short":"{{.AppName}}",
"full":"{{.AppName}}"
},
"description":{
"short":"REDACTED",
"full":"REDACTED"
},
"accentColor":"#00bd00",
"configurableTabs":[
],
"staticTabs":[
],
"bots":[
{
"botId":"{{.AppID}}",
"scopes":[
"personal",
"groupChat",
"team"
],
"needsChannelSelector":false,
"isNotificationOnly":false,
"supportsFiles":false,
"supportsCalling":false,
"supportsVideo":false,
"commandLists":[
{
"scopes":[
"personal",
"groupChat",
"team"
],
"commands":[
]
}
]
}
],
"composeExtensions":[
{
"botId":"{{.AppID}}",
"commands":[
{
"id":"REDACTED",
"context":[
"commandBox",
"compose",
"message"
],
"description":"REDACTED",
"title":"REDACTED",
"type":"action",
"fetchTask":true
}
]
}
],
"permissions":[
"identity",
"messageTeamMembers"
],
"devicePermissions":[
],
"validDomains":[
"REDACTED",
"REDACTED"
],
"showLoadingIndicator":false,
"isFullScreen":false,
"activities":{
},
"defaultInstallScope":"personal"
}
Note I have added "personal", "groupChat" and "team" scopes, which I thought would sort it.
Thanks.
- Sayali-MSFTMicrosoftJonnyBago82 - Thanks for reporting your issue.
We will check this at our end and will get back to you.- JonnyBago82Copper ContributorThanks Sayali-MSFT - I look forward to your response.
- Sayali-MSFTMicrosoft
JonnyBago82 -It sounds like you're encountering a permissions issue, The error "Invoke validation failed. User forbidden to perform action" with error code 209 typically occurs when there's a permission issue, often related to the user or bot not being authorized to perform the action in specific contexts like group chats or 1:1 chat, despite the correct scopes being configured in the manifest.
- Ensure that your API endpoint and the bot are authorized to be called in the context of group chats and 1:1 chat. Sometimes, additional permission configurations are needed to allow access when calling the API from different contexts.
- Ensure that the bot has the required permissions in Azure Active Directory (AAD). Check if the bot's Microsoft Graph API permissions (delegated or application) include the necessary scopes for the actions being attempted in group or personal chats.
- Ensure that your API endpoint and the bot are authorized to be called in the context of group chats and 1:1 chat. Sometimes, additional permission configurations are needed to allow access when calling the API from different contexts.