vsehgal
Feb 15, 2024 Copper Contributor
OnlineMeetings.ReadWrite.All' that doesn't exist on the resource
I am trying to authenticate via OAuth with the following scopes: Calendars.ReadWrite,OnlineMeetingArtifact.Read.All,OnlineMeetings.ReadWrite.All,User.Read. However, it returns with an error AADSTS...
vsehgal
Feb 23, 2024 Copper Contributor
vikram-MFST
Feb 27, 2024 Microsoft
Hello vsehgal
It looks like you are calling application permissions in the scopes for a user authentication flow. Users will receive delegated permissions after a successful authentication, not application permissions. Also could you please verify if you are using proper permissions?
1) Delegated permissions: Also called scopes, allow the application to act on behalf of the signed-in user.
2) Application permissions: Also called app roles, allow the app to access data on its own, without a signed-in user.
Authentication and authorization basics - Microsoft Graph | Microsoft Learn
Also make sure that when using multiple scopes in the authentication request, the scopes must be separated with a space.
vsehgal
Feb 27, 2024 Copper Contributor
Hi Vikram,
Thanks for the insight. A little bit of background about this integration -
Cvent is used by Planners to plan their meetings and events, who, for their virtual events, utilize MS Teams as a solution. The goal of the integration is to be able to create Online meetings on behalf of any user in that client's tenant. For this, the client creates an app reg with the above scopes and permissions, and runs partial scripts to create an access policy and apply it globally to all users in their organization. We use the app's credentials to authenticate, and it works to create and manage meetings and their registrants on behalf of the organizer that is specified by the planner in Cvent (who is a user in this organization).
Hence the application permission. Is there no way to use this OnlineMeetings.ReadWrite.All to be able to create and read the applications on behalf of any user vs just the signed in user?
Thanks,
Vakul
vikram-MFST
Feb 28, 2024 Microsoft
Hello vsehgal
You can use the OnlineMeetings.ReadWrite permission for delegated access, which allows the app to create, read, update, and delete online meetings on behalf of the signed-in user.
If you want to create and read online meetings on behalf of any user, you can use application permissions such as OnlineMeeting.Read.All and OnlineMeeting.ReadWrite.All
vsehgal
Feb 28, 2024 Copper Contributor
Hi
Yes, however, for OnlineMeeting.ReadWrite.All we will need the client credential auth flow, right?
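The distinction discussed in this thread, as an added example that is not part of any post here and is not Microsoft's code: it flags application-only names before a user sign-in request is built, joins delegated scopes with spaces, and builds the app-only (client credentials) token request with the `.default` scope. The `KINDS` table is an assumption to confirm against the Microsoft Graph permissions reference, and the function names and the tenant, client and redirect values passed to them are constructed placeholders.

```python
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
# Assumed permission kinds for the names used in this thread; confirm each
# one against the Microsoft Graph permissions reference before relying on it.
KINDS = {
    "User.Read": {"delegated"},
    "Calendars.ReadWrite": {"delegated", "application"},
    "OnlineMeetingArtifact.Read.All": {"delegated", "application"},
    "OnlineMeetings.ReadWrite": {"delegated"},
    "OnlineMeetings.ReadWrite.All": {"application"},
}

def split_scopes(raw):
    """Accept comma- or space-separated input and return a clean list."""
    return [s for s in raw.replace(",", " ").split() if s]

def not_delegated(scopes):
    """Names that are unknown or cannot be requested in a user sign-in flow."""
    return [s for s in scopes if "delegated" not in KINDS.get(s, set())]

def authorize_url(tenant, client_id, redirect_uri, raw_scopes):
    """Build the v2.0 authorization-code request for delegated scopes only."""
    scopes = split_scopes(raw_scopes)
    bad = not_delegated(scopes)
    if bad:
        raise ValueError(f"not delegated scopes: {bad}")
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # scopes are space-separated on the wire
    })
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}"

def client_credentials_request(tenant, client_id, client_secret):
    """App-only token request: admin-consented app roles come via .default."""
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/token"
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, body
```

Neither function sends anything over the network; the returned URL and form body can be inspected before being handed to an HTTP client or an OAuth library.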