Forum Discussion
saminc
Mar 13, 2024Copper Contributor
Resource-specific consent not showing up in permission grants
I've got an Azure app registration, and a Teams application with a manifest that specifies that ID in the
webApplicationInfo. I also have the following permissions specified in the manifest:
I then hit "Publish" within https://dev.teams.microsoft.com/, and publish the app into my organisation, which I am fairly sure is a Microsoft 365 Developer tenant. Once I've approved the app and added it to Teams, I see the following permissions:
I have a backend for my Teams app, and I'd like it to be able to create channels. I do this by using my app's ID and secret, and hitting the OAuth2 token endpoint for the developer tenant, with a scope of "https://graph.microsoft.com/.default". This gives me back a JWT token, that when I decode it using jwt.ms, has Group.Selected in the roles array. This all seems correct so far!
When I then use that token to create a channel, I get the following error:
Missing role permissions on the request. API requires one of 'Channel.Create, Teamwork.Migrate.All, Group.ReadWrite.All, Directory.ReadWrite.All, Channel.Create.Group'. Roles on the request 'TeamsAppInstallation.ReadWriteSelfForTeam.All, Group.Selected, TeamsAppInstallation.ReadForTeam.All'. Resource specific consent grants on the request ''.
I would expect to be getting Channel.Create.Group as a resource-specific consent grant. How can I find out why this isn't happening? I've been following this guide but when I use the Graph Explorer to call https://graph.microsoft.com/beta/teams/{team-id}/permissionGrants for the team I installed the app into, I get back an empty array.
Hopefully someone can spot what I'm doing wrong.
- Meghana-MSFTMicrosoftThank you for reporting this, we will check this and get back to you.
- samincCopper Contributor
Meghana-MSFT Thanks for looking, I appreciate it!
- samincCopper ContributorIs there any update on this at all?