Forum Discussion

PhoneMe007's avatar
PhoneMe007
Brass Contributor
Mar 24, 2021
Solved

Authenticating with an access token Connect-MicrosoftTeams

Has anyone tried authenticating with an access token (using -AadAccessToken or -MsAccessToken)? The old version of New-CsOnlineSession had an -OAuthAccessToken param, which accepted a jwt with the PS ...
Administrator
calling
microsoft teams
  • NMLVS's avatar
    NMLVS
    Oct 15, 2021
    FYI - I raised a ticket, and it should be fixed by mid november.

    Issue description:
    Cannot properly run Connect-MicrosoftTeams -AccessTokens

    Resolution Steps:
    Escalated case with our engineering Team
    Issue is known bug and currently being fixed
    Expecting a fix to go out by NOV mid
Iulian_Simonn's avatar
Iulian_Simonn
Copper Contributor
Feb 09, 2022
Hi everyone, I just tested the new PS Teams module 3.1.1. I still get the same error (Connect-MicrosoftTeams : Object reference not set to an instance of an object.),
I hope they will fix it on March...
doreladam's avatar
doreladam
Copper Contributor
Feb 10, 2022

Iulian_Simonn 

 

After creating an App Registration in Azure Active Directory with permissions like this:

I'm able to connect to Teams using:

$tenantName = ""  
$clientId = ""
$clientSecret = ""
$username = ""
$password = ""

$uri = "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token"

$body = @{  
   Grant_Type    = "password";
   Scope         = "https://graph.microsoft.com/.default"  
   Client_Id     = $clientId;
   Client_Secret = $clientSecret;
   Username      = $username; 
   Password      = $password; 
}   
$graphTokenResponse = Invoke-RestMethod -Method POST -Uri $uri -Body $body
$graphToken = $graphTokenResponse.access_token

$body = @{  
   Grant_Type    = "password"  # client_credentials
   Scope         = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"
   Client_Id     = $clientId  
   Client_Secret = $clientSecret  
   Username      = $username  
   Password      = $password  
}   
$teamsTokenResponse = Invoke-RestMethod -Method POST -Uri $uri -Body $body
$teamsToken = $teamsTokenResponse.access_token

Connect-MicrosoftTeams -AccessTokens @($graphToken, $teamsToken)

Get-CsCallQueue

Disconnect-MicrosoftTeams

 

But the Get-CsCallQueue call fails with:

 

  • Dr. Jeffry A. Spain's avatar
    Dr. Jeffry A. Spain
    Brass Contributor
    Feb 24, 2022
    doreladam, I think you may be getting the HTTP 403 response with Get-CsCallQueue because the user $username you are impersonating may not have sufficient permissions to administer Teams/Skype for Business. Have you tried this with a global admin account? I can't, because all our admin accounts have multifactor authentication enabled, and that causes Connect-MicrosoftTeams to fail.
  • nikolasx's avatar
    nikolasx
    Copper Contributor
    Feb 22, 2022
    Looks like this is ROPC flow, not client credentials flow.

    The most likely cause of the error is that the module is searching for the "UPN" value of the token i.e. the user name. Authorization flow works because it's done in the context of a user and therefore the token has a UPN. Client credentials does not work because there is no user context and no UPN.

Resources