Forum Discussion

cdantiags's avatar
cdantiags
Brass Contributor
Oct 09, 2023

Trying to use Teams SSO but with Dynamics CRM API to query a Dataverse Table.

Hi, I've followed the steps to integrate the SSO and it's working with Graph and the User.Read Scope.   But when I try to Add the scope user_impersonate (78ce3f0f-a1ce-49c2-8cde-64b5c0896db40 from ...
  • Prasad_Das-MSFT's avatar
    Prasad_Das-MSFT
    Oct 11, 2023

    cdantiags - 

    The problem you're facing might be due to the scope of the token. The SSO token you're getting from Teams is scoped for the Graph API ("User.Read") and might not have the necessary permissions to access the Dataverse API.

    In your Azure App Registration, you've added the Dynamics CRM permissions, which is correct for accessing Dataverse. However, you need to ensure that the token you're using in your Teams app includes these permissions.

    Here's how you can modify your code to include the necessary scopes:

    public async handleTeamsMessagingExtensionQuery(context: TurnContext, query: MessagingExtensionQuery): Promise<any> /*MessagingExtensionResponse */ {
        return await handleMessageExtensionQueryWithSSO(context, oboAuthConfig, initialLoginEndpoint, ["https://<your_dataverse_url>/.default"], async (token: MessageExtensionTokenResponse) => {
            // your code here
        });
    }
    

    In the above code, replace <your_dataverse_url> with your actual Dataverse URL. The /.default scope is a built-in scope for accessing all the permissions defined in an application registration.

     

     

     

    Thanks, 

    Prasad Das

    ------------------------------------------------------------------------------------------ 

    If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link.

Resources