Forum Discussion

PhoneMe007's avatar
PhoneMe007
Brass Contributor
Mar 24, 2021
Solved

Authenticating with an access token Connect-MicrosoftTeams

Has anyone tried authenticating with an access token (using -AadAccessToken or -MsAccessToken)? The old version of New-CsOnlineSession had an -OAuthAccessToken param, which accepted a jwt with the PS ...
Administrator
calling
microsoft teams
  • NMLVS's avatar
    NMLVS
    Oct 15, 2021
    FYI - I raised a ticket, and it should be fixed by mid november.

    Issue description:
    Cannot properly run Connect-MicrosoftTeams -AccessTokens

    Resolution Steps:
    Escalated case with our engineering Team
    Issue is known bug and currently being fixed
    Expecting a fix to go out by NOV mid
Simon Shaw's avatar
Simon Shaw
Copper Contributor
May 24, 2021

PhoneMe007 

I am pretty sure that this is the same problem that I am having. 

This is what I am doing.

For my test added a new user to my tenant with the global admin role and is configured it to use MFA. This is the only user that in the tenant that is configured this way.
In AzureAD I then added a new App Registration which was allocated the Application (client) ID of "71045f16-xxxx-xxxx-xxxx-xxxx".
To this App Registration I added a new secret that was assigned the Secret ID "314e6c61-xxxx-xxxx-xxxx-xxxxxxxxxxxxx" and the value "YDjZy--xx~xxxxxxxxxxxxxxx.xx.xxxxx".
I also added Policy.Read.All API Permission.

I then ran the following script which acquires the access_token that is used in the Connect-MicrosoftTeams command.

$clientId = "71045f16-xxxx-xxxx-xxxx-xxxx"  
$clientSecret = "YDjZy--xx~xxxxxxxxxxxxxxx.xx.xxxxx"  
$tenantName = "mydomain.onmicrosoft.com"  
$resource = "https://graph.microsoft.com/"  
$tokenBody = @{  
   Grant_Type    = "client_credentials"  
   Scope         = "https://graph.microsoft.com/.default"  
   Client_Id     = $clientId  
   Client_Secret = $clientSecret  
}   
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token" -Method POST -Body $tokenBody  
Import-Module MicrosoftTeams
Connect-MicrosoftTeams -AadAccessToken $tokenResponse.access_token -AccountId mfaadmin@mydomain.net

Whatever command I try to run fails with the following error:

Get-CsCloudMeetingPolicy
   Get-CsOnlineSession : Run Connect-MicrosoftTeams before running cmdlets.
   At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.3.1\net472\SfBORemotePowershellModule.psm1:63 char:22
   +     $remoteSession = & (Get-CsOnlineSessionCommand)
   +                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo          : NotSpecified: (:) [Get-CsOnlineSession], UnauthorizedAccessException
   + FullyQualifiedErrorId : UnauthorizedAccessException,Microsoft.Teams.ConfigApi.Cmdlets.GetCsOnlineSession
 ``Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument
   that is not null or empty, and then try the command again.
  At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.3.1\net472\SfBORemotePowershellModule.psm1:2975 char:38
 + ...    -Session (Get-PSImplicitRemotingSession -CommandName 'Get-CsCloudM ...
 +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 + CategoryInfo          : InvalidData: (:) [Invoke-Command], ParentContainsErrorRecordException
 + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand

When I run the Connect-MicrosoftTeams command with the standard credentials parameters, I am able to call all the powershell commands (that I tested with).
Is this the same issue, or should I open a separate thread?

Resources