Forum Discussion

PhoneMe007's avatar
PhoneMe007
Brass Contributor
Mar 24, 2021
Solved

Authenticating with an access token Connect-MicrosoftTeams

Has anyone tried authenticating with an access token (using -AadAccessToken or -MsAccessToken)? The old version of New-CsOnlineSession had an -OAuthAccessToken param, which accepted a jwt with the PS ...
Administrator
calling
microsoft teams
  • NMLVS's avatar
    NMLVS
    Oct 15, 2021
    FYI - I raised a ticket, and it should be fixed by mid november.

    Issue description:
    Cannot properly run Connect-MicrosoftTeams -AccessTokens

    Resolution Steps:
    Escalated case with our engineering Team
    Issue is known bug and currently being fixed
    Expecting a fix to go out by NOV mid
guyfrancis's avatar
guyfrancis
Copper Contributor
May 27, 2021

I've got the 2.3.2 preview installed and I am now getting this error:

PS C:\Users\Administrator> Connect-MicrosoftTeams -AccessTokens @($graph_token, $teams_token) -AccountId XXXX@XXXX
Connect-MicrosoftTeams : Invalid audiences 48ac35b8-9aa8-4d74-927d-1f4a14a0b239 found in the provided tokens
At line:1 char:1
+ Connect-MicrosoftTeams -AccessTokens @($graph_token, $teams_token) -A ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Connect-MicrosoftTeams], ArgumentException
    + FullyQualifiedErrorId : Connect-MicrosoftTeams,Microsoft.TeamsCmdlets.Powershell.Connect.ConnectMicrosoftTeams

Connect-MicrosoftTeams : Invalid audiences 48ac35b8-9aa8-4d74-927d-1f4a14a0b239 found in the provided tokens
At line:1 char:1
+ Connect-MicrosoftTeams -AccessTokens @($graph_token, $teams_token) -A ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-MicrosoftTeams], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.TeamsCmdlets.Powershell.Connect.ConnectMicrosoftTeams

 

I used "https://graph.microsoft.com/.default" as the scope for the graph access token, what should l use as the scope for the teams access token, any ideas?

 

PhoneMe007's avatar
PhoneMe007
Brass Contributor
May 27, 2021

guyfrancis

If I supply the tokens without securing them, I get an error about invalid audience too, which we have seen in the past when trying to use wrong tokens (e.g. using a graph token for sfb calls)

The error message is interesting though. When I supply a graph token and a sfb token, it says:
Invalid audiences xxxxxxxx-9aa8-4d74-927d-1f4a14a0b239 found in the provided tokens

(It seems you have to supply a minimum of 2 tokens, or else you get a different error asking to supply a graph + a teams token)

Anyway, when I supply a graph token + a random Azure AD token (intentionally incorrect), it gives the same error as above. When I supply a sfb token with a Azure AD token, it says:

Invalid audiences https://graph.microsoft.com,xxxxxxxx-9aa8-4d74-927d-1f4a14a0b239 found in
the provided tokens

  • aplay9's avatar
    aplay9
    Copper Contributor
    May 27, 2021

    PhoneMe007 I'm seeing this same behavior.  My understanding is that the newest version was deprecating the AAD tokens, but it appears to still require them.  But then when they are provided it complains that the audience is incorrect.