Forum Discussion
Send Activity Notification with Application permission doesn't support Multi-Tenancy
I am trying to use the https://learn.microsoft.com/en-us/graph/api/userteamwork-sendactivitynotification with Application permission (TeamsActivity.Send).
The API works as expected if the token was created with a Single-tenant authority URL (authorityHost+'/'+tenantId).
However, I am unable to make it work with a multitenant authority URL (authorityHost+'/common').
I tried 3 options -
- https://learn.microsoft.com/en-us/microsoftteams/platform/toolkit/teamsfx-sdk#supported-functions - Used createMicrosoftGraphClientWithCredential with AppCredential
  - TenantId is automatically appended to authorityUrl. No way to specify '/common'
- https://github.com/microsoftgraph/msgraph-sdk-javascript/blob/607bf2044e20f8adb396a65bf4fbfb40e29f3fcf/docs/TokenCredentialAuthenticationProvider.md: Used ClientSecretCredential from the azure/identity library.
  - Same result. No way to specify '/common' in the authorityUrl. The https://learn.microsoft.com/en-us/javascript/api/%40azure/identity/clientsecretcredentialoptions?view=azure-node-latest#@azure-identity-clientsecretcredentialoptions-additionallyallowedtenants property made no difference.
- https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/initialize-confidential-client-application.md#initializing-the-confidentialclientapplication-object: Used ConfidentialClientApplication with acquireTokenByClientCredential
  - Got the following error -
    ClientAuthError: missing_tenant_id_error: A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.
3 Replies
- Sayali-MSFT
Microsoft
ssj_springctin -
It is not explicitly stated whether the Send Activity Notification with Application permission supports Multi-Tenancy. However, it is mentioned that the activity feed notification API doesn't support cross-tenant notifications for apps in a shared channel. This suggests that there may be limitations with multi-tenancy in certain scenarios.
Basically when you request an application token, you need to request it for the tenant of users you want to send notifications to.
Doing so requires that an admin accept your app consent for each tenant. More information can be found here:
https://learn.microsoft.com/en-us/graph/auth-v2-service
- ssj_springctin
Copper Contributor
Hi Sayali-MSFT,
Thank you for your response. For now, tenant-wise application token is working as expected for us.
- Sayali-MSFT
Microsoft
ssj_springctin - Thanks for reporting your issue.
We will check this at our end and will get back to you.
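The per-tenant application token request described in Sayali-MSFT's reply, as an added example that is not code from the thread or from any Microsoft SDK. It uses only Node 18+ built-ins; the public-cloud authority host, the function names and the GUID-only tenant check are assumptions made for illustration.

```javascript
// Added example (Node 18+, no dependencies); all names here are illustrative assumptions.
const AUTHORITY_HOST = "https://login.microsoftonline.com"; // assumed public cloud
const GRAPH_SCOPE = "https://graph.microsoft.com/.default";
const TENANT_ALIASES = new Set(["common", "organizations", "consumers"]);
const TENANT_GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Reject the multi-tenant aliases (the case MSAL reports as missing_tenant_id_error) and,
// as a design choice here, any non-GUID so caller input cannot change the authority path.
function normalizeTenant(tenantId) {
  const t = String(tenantId).toLowerCase();
  if (TENANT_ALIASES.has(t)) throw new Error(`'${t}' is not valid for client_credentials`);
  if (!TENANT_GUID.test(t)) throw new Error("tenantId must be a tenant GUID");
  return t;
}

// Token request for one concrete tenant (OAuth 2.0 client credentials, v2.0 endpoint).
function buildTokenRequest(tenantId, clientId, clientSecret) {
  const body = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    scope: GRAPH_SCOPE,
    grant_type: "client_credentials",
  });
  return { url: `${AUTHORITY_HOST}/${normalizeTenant(tenantId)}/oauth2/v2.0/token`, body };
}

// One cache entry per tenant, so a token issued for one tenant is never reused for another.
const tokenCache = new Map();
function cachedToken(tenantId, nowMs = Date.now()) {
  const hit = tokenCache.get(normalizeTenant(tenantId));
  return hit && hit.expiresAtMs - 60_000 > nowMs ? hit.accessToken : null; // 60 s margin
}
function storeToken(tenantId, tokenResponse, nowMs = Date.now()) {
  tokenCache.set(normalizeTenant(tenantId), {
    accessToken: tokenResponse.access_token,
    expiresAtMs: nowMs + tokenResponse.expires_in * 1000,
  });
}

// Get (or reuse) the application token for the tenant of the user being notified.
async function getAppToken(tenantId, clientId, clientSecret, fetchImpl = fetch) {
  const cached = cachedToken(tenantId);
  if (cached) return cached;
  const { url, body } = buildTokenRequest(tenantId, clientId, clientSecret);
  const res = await fetchImpl(url, { method: "POST", body });
  if (!res.ok) throw new Error(`token request for tenant ${tenantId} failed: HTTP ${res.status}`);
  storeToken(tenantId, await res.json());
  return cachedToken(tenantId);
}
```

The token returned for a tenant is sent as the Bearer token on the sendActivityNotification call for a user in that same tenant, once an admin of that tenant has consented to the app.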