Forum Discussion

PhoneMe007's avatar
PhoneMe007
Brass Contributor
Mar 24, 2021
Solved

Authenticating with an access token Connect-MicrosoftTeams

Has anyone tried authenticating with an access token (using -AadAccessToken or -MsAccessToken)? The old version of New-CsOnlineSession had an -OAuthAccessToken param, which accepted a jwt with the PS ...
Administrator
calling
microsoft teams
  • NMLVS's avatar
    NMLVS
    Oct 15, 2021
    FYI - I raised a ticket, and it should be fixed by mid november.

    Issue description:
    Cannot properly run Connect-MicrosoftTeams -AccessTokens

    Resolution Steps:
    Escalated case with our engineering Team
    Issue is known bug and currently being fixed
    Expecting a fix to go out by NOV mid
doreladam's avatar
doreladam
Copper Contributor
Feb 10, 2022

Iulian_Simonn 

 

After creating an App Registration in Azure Active Directory with permissions like this:

I'm able to connect to Teams using:

$tenantName = ""  
$clientId = ""
$clientSecret = ""
$username = ""
$password = ""

$uri = "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token"

$body = @{  
   Grant_Type    = "password";
   Scope         = "https://graph.microsoft.com/.default"  
   Client_Id     = $clientId;
   Client_Secret = $clientSecret;
   Username      = $username; 
   Password      = $password; 
}   
$graphTokenResponse = Invoke-RestMethod -Method POST -Uri $uri -Body $body
$graphToken = $graphTokenResponse.access_token

$body = @{  
   Grant_Type    = "password"  # client_credentials
   Scope         = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"
   Client_Id     = $clientId  
   Client_Secret = $clientSecret  
   Username      = $username  
   Password      = $password  
}   
$teamsTokenResponse = Invoke-RestMethod -Method POST -Uri $uri -Body $body
$teamsToken = $teamsTokenResponse.access_token

Connect-MicrosoftTeams -AccessTokens @($graphToken, $teamsToken)

Get-CsCallQueue

Disconnect-MicrosoftTeams

 

But the Get-CsCallQueue call fails with:

 

nikolasx's avatar
nikolasx
Copper Contributor
Feb 22, 2022
Looks like this is ROPC flow, not client credentials flow.

The most likely cause of the error is that the module is searching for the "UPN" value of the token i.e. the user name. Authorization flow works because it's done in the context of a user and therefore the token has a UPN. Client credentials does not work because there is no user context and no UPN.