Forum Discussion
Resource-specific consent not showing up in permission grants
I've got an Azure app registration, and a Teams application with a manifest that specifies that ID in the
webApplicationInfo. I also have the following permissions specified in the manifest:
I then hit "Publish" within https://dev.teams.microsoft.com/, and publish the app into my organisation, which I am fairly sure is a Microsoft 365 Developer tenant. Once I've approved the app and added it to Teams, I see the following permissions:
I have a backend for my Teams app, and I'd like it to be able to create channels. I do this by using my app's ID and secret, and hitting the OAuth2 token endpoint for the developer tenant, with a scope of "https://graph.microsoft.com/.default". This gives me back a JWT token, that when I decode it using jwt.ms, has Group.Selected in the roles array. This all seems correct so far!
When I then use that token to create a channel, I get the following error:
Missing role permissions on the request. API requires one of 'Channel.Create, Teamwork.Migrate.All, Group.ReadWrite.All, Directory.ReadWrite.All, Channel.Create.Group'. Roles on the request 'TeamsAppInstallation.ReadWriteSelfForTeam.All, Group.Selected, TeamsAppInstallation.ReadForTeam.All'. Resource specific consent grants on the request ''.
I would expect to be getting Channel.Create.Group as a resource-specific consent grant. How can I find out why this isn't happening? I've been following this guide but when I use the Graph Explorer to call https://graph.microsoft.com/beta/teams/{team-id}/permissionGrants for the team I installed the app into, I get back an empty array.
Hopefully someone can spot what I'm doing wrong.
5 Replies
Meghana-MSFTMicrosoft
Apologies for the delay, could you please share below details -
- How did you install the app in the team?
- Share the response headers of both the installation call and the get permission grants call.
Meghana-MSFTany news on this? I'm having the same issue with "Missing role permissions on the request. API requires one of 'TeamsActivity.Send, TeamsActivity.Send.User'. Roles on the request ''. Resource specific consent grants on the request ''."
I updated the manifest to include the resource specific permissions and uploaded it. Installing the app shows the new version, but I still get the same error.
- Meghana-MSFTThank you for reporting this, we will check this and get back to you.
- Is there any update on this at all?
Meghana-MSFT Thanks for looking, I appreciate it!
