Forum Discussion

PhoneMe007's avatar
PhoneMe007
Brass Contributor
Mar 24, 2021
Solved

Authenticating with an access token Connect-MicrosoftTeams

Has anyone tried authenticating with an access token (using -AadAccessToken or -MsAccessToken)? The old version of New-CsOnlineSession had an -OAuthAccessToken param, which accepted a jwt with the PS ...
Administrator
Calling
microsoft teams
  • NMLVS's avatar
    NMLVS
    Oct 15, 2021
    FYI - I raised a ticket, and it should be fixed by mid november.

    Issue description:
    Cannot properly run Connect-MicrosoftTeams -AccessTokens

    Resolution Steps:
    Escalated case with our engineering Team
    Issue is known bug and currently being fixed
    Expecting a fix to go out by NOV mid
SjoerdV's avatar
SjoerdV
Iron Contributor
Dec 09, 2021

Update: Still no improvement on the App Only (Unattended) front in the latest MicrosoftTeams 3.0.0. module. The only reported working method is by using Delegate permissions https://docs.microsoft.com/en-us/powershell/module/teams/connect-microsoftteams?view=teams-ps under 'AccessTokens' parameter directions.


If someone has an ETA on setting CS policies in an unattended (or dare I say DSC manner), please post here

nikolasx's avatar
nikolasx
Copper Contributor
Dec 14, 2021
https://github.com/MicrosoftDocs/office-docs-powershell/issues/8623#issuecomment-993611923

This was just posted in a Github issue. Apparently Microsoft is aware of the issue and the ETA is March 2022.
  • Iulian_Simonn's avatar
    Iulian_Simonn
    Copper Contributor
    Feb 09, 2022
    Hi everyone, I just tested the new PS Teams module 3.1.1. I still get the same error (Connect-MicrosoftTeams : Object reference not set to an instance of an object.),
    I hope they will fix it on March...
    • nikolasx's avatar
      nikolasx
      Copper Contributor
      Feb 23, 2022
      The same issue still exists on preview version 3.2.
    • doreladam's avatar
      doreladam
      Copper Contributor
      Feb 10, 2022

      Iulian_Simonn 

       

      After creating an App Registration in Azure Active Directory with permissions like this:

      I'm able to connect to Teams using:

      $tenantName = ""  
$clientId = ""
$clientSecret = ""
$username = ""
$password = ""

$uri = "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token"

$body = @{  
   Grant_Type    = "password";
   Scope         = "https://graph.microsoft.com/.default"  
   Client_Id     = $clientId;
   Client_Secret = $clientSecret;
   Username      = $username; 
   Password      = $password; 
}   
$graphTokenResponse = Invoke-RestMethod -Method POST -Uri $uri -Body $body
$graphToken = $graphTokenResponse.access_token

$body = @{  
   Grant_Type    = "password"  # client_credentials
   Scope         = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"
   Client_Id     = $clientId  
   Client_Secret = $clientSecret  
   Username      = $username  
   Password      = $password  
}   
$teamsTokenResponse = Invoke-RestMethod -Method POST -Uri $uri -Body $body
$teamsToken = $teamsTokenResponse.access_token

Connect-MicrosoftTeams -AccessTokens @($graphToken, $teamsToken)

Get-CsCallQueue

Disconnect-MicrosoftTeams

       

      But the Get-CsCallQueue call fails with:

       

      • Dr. Jeffry A. Spain's avatar
        Dr. Jeffry A. Spain
        Brass Contributor
        Feb 24, 2022
        doreladam, I think you may be getting the HTTP 403 response with Get-CsCallQueue because the user $username you are impersonating may not have sufficient permissions to administer Teams/Skype for Business. Have you tried this with a global admin account? I can't, because all our admin accounts have multifactor authentication enabled, and that causes Connect-MicrosoftTeams to fail.

Resources