Application permission for List teamsApp (GET /appCatalog/teamsApps)

 Jan 20 2022

For proactively installing an app or a chatbot to the personal scope of the user or channels, the documentation suggests a list of actions as below.

  1. Get teamAppId of your app
  2. Determine whether your bot is currently installed for the user.
  3. Install the app

The process of proactive installation, pragmatically, should be considered as a single process in which we need to make at least two API requests (if skipping the 2nd step) for an app to be installed.

The APIs consumed by the 2nd and the 3rd steps work with 'Application Permissions'. (Linked documentation for the APIs of second and third steps.) But the GET /appCatalog/teamsApps API that should be consumed to get the teamsAppId of the app or bot in the catalog doesn't support Application permissions and only supports Delegated permissions.

I.e., as a developer, I would initially complete the 'Admin consent' process and, as a result, I would be able to get authorization for my 'OAuth App registration' (the consumer client I would create in Azure App registrations) through the client credentials flow. Now I can successfully make an install request. But to get the argument that is needed to make this install request, which is the teamsAppId, I cannot use this authorization, as the API doesn't support application permissions.

 

At this point, I am faced with two options

  1. Ask a user to manually install the app first and use this API to list the apps with the same client authorization, as it supports Application Permissions, or
  2. Implement the Authorization code grant flow (or implicit flow) additionally to get the authorization as a user to consume GET /appCatalog/teamsApps, as it supports only delegated permissions.

I am using the second method to avoid any manual interference in the installation process.

Hence, the end user who would authorize the client, a Microsoft tenant administrator, faces two separate authorization flows: one for him to give admin consent to give permission to install the app, and the other for him to authorize as a user so that we can get the teamsAppId. I.e., a unit process to achieve installation capability currently needs two separate authorizations, which is not practical or user friendly.

While that is the case, I am requesting to add support for Application permissions for the GET /appCatalog/teamsApps API, or another apt solution, so that we will be able to read teamsAppId using client authorization.

To add another argument, the installation process logically should be done as the OAuth client application (as my application) and not as a specific user.

 

(Link to a query raised on this issue, takes to docs.microsoft.com/en-us/answers...)
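
Added example, not part of the original post and not Microsoft's code: a preflight check that tells an app-only (client credentials) token from a delegated one by its `roles` and `scp` claims, and reports which of the three steps it can serve under the behaviour described in the post. The step names, the sample tokens and their permission names are constructed placeholders, and the claim that a delegated token is accepted by every step is an assumption.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT-shaped string; for illustration only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def read_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def token_kind(token: str) -> str:
    """'delegated' if the token carries scp, 'application' if only roles."""
    claims = read_claims(token)
    if claims.get("scp"):
        return "delegated"
    if claims.get("roles"):
        return "application"
    return "none"

# Hypothetical step names. Values: does the step accept an app-only token,
# as described in the post (only the catalog lookup does not).
APP_TOKEN_ACCEPTED = {
    "get_teams_app_id": False,   # GET /appCatalog/teamsApps
    "check_installed": True,
    "install_app": True,
}

def preflight(token: str, step: str) -> bool:
    """True if this token kind can be used for the given step."""
    kind = token_kind(token)
    if kind == "application":
        return APP_TOKEN_ACCEPTED[step]
    # Assumption: a delegated (signed-in user) token is accepted by every step.
    return kind == "delegated"

# Constructed samples; the permission names are placeholders.
APP_TOKEN = make_sample_token({"roles": ["Example.AppRole.All"]})
USER_TOKEN = make_sample_token({"scp": "Example.Scope"})

if __name__ == "__main__":
    for name, tok in (("client credentials", APP_TOKEN), ("user sign-in", USER_TOKEN)):
        print(name, {s: preflight(tok, s) for s in APP_TOKEN_ACCEPTED})
```

Running the check before calling Graph turns the 403 from the catalog lookup into an explicit "this step needs a user sign-in" decision; it only inspects claims and is not a substitute for signature validation on the resource side.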