Forum Discussion

ssj_springctin's avatar
ssj_springctin
Copper Contributor
Oct 31, 2023

Send Activity Notification with Application permission doesn't support Multi-Tenancy

I am trying to use the Teams Send Activity Notification Graph API with Application permission (TeamsActivity.Send).

The API works as expected if the token was created with a Single-tenant authority URL (authorityHost+'/'+tenantId). 

However, I am unable to make it work with a multitenant authority URL (authorityHost+'/common'). 

 

I tried 3 options - 

  1. TeamsFx SDK - Used createMicrosoftGraphClientWithCredential with AppCredential
    • TenantId is automatically appended to authorityUrl. No way to specify '/common'

  2. Microsoft Graph Client SDK with TokenCredentialAuthentication: Used ClientSecretCredential from the azure/identity library. 
  3. Microsoft Graph Client SDK with Msal-Node: Used ConfidentialClientApplication with acquireTokenByClientCredential
    • Got the following error - 
      ClientAuthError: missing_tenant_id_error: A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.
  • ssj_springctin -
    It is not explicitly stated whether the Send Activity Notification with Application permission supports Multi-Tenancy. However, it is mentioned that the activity feed notification API doesn't support cross-tenant notifications for apps in a shared channel. This suggests that there may be limitations with multi-tenancy in certain scenarios.

    Basically when you request an application token, you need to request it for the tenant of users you want to send notifications to.

    Doing so requires that an admin accept your app consent for each tenant. More information can be found here:
    https://learn.microsoft.com/en-us/graph/auth-v2-service

  • ssj_springctin -
    It is not explicitly stated whether the Send Activity Notification with Application permission supports Multi-Tenancy. However, it is mentioned that the activity feed notification API doesn't support cross-tenant notifications for apps in a shared channel. This suggests that there may be limitations with multi-tenancy in certain scenarios.

    Basically when you request an application token, you need to request it for the tenant of users you want to send notifications to.

    Doing so requires that an admin accept your app consent for each tenant. More information can be found here:
    https://learn.microsoft.com/en-us/graph/auth-v2-service

Resources