MSTeams Graph API: user is getting private and shared channels which he is not a part of

Copper Contributor

The API in question:

https://learn.microsoft.com/en-us/graph/api/channel-list?view=graph-rest-1.0&tabs=http

As a user, I am getting the channels that I am not a part of listed. There is no flag that notifies me whether I am, or am not, a part of that channel. But, if I try to get the messages of that channel using 

https://learn.microsoft.com/en-us/graph/api/channel-get?view=graph-rest-1.0&tabs=http

then I get 403 error - access forbidden.

The problem is, I don't want to have users see the channels on the channel list, if they are not a part of that channel, but there is no way for me to check if I am a member of that channel, except by sending the 'Get Channel' request for each private or shared channel, to see if I get 403 error. 

Is this the expected Graph API behaviour, or not? Is there a way to overcome this issue I am facing?

3 Replies
What permissions are you running with? An admin user will be able to see all channels, without having to be a member of the parent team. Similarly, an Owner of the Team would see all private channels associated with it, while still not be able to access data therein.

@VasilMichev these are the permissions: Channel.ReadBasic.All ChannelMessage.Read.All ChannelMessage.Send Chat.ReadWrite Contacts.ReadWrite GroupMember.Read.All openid Presence.Read.All profile Team.ReadBasic.All User.Read.All email

I am not the Owner of the Team, I was added to it. I was added to some Private channels and then kicked out of them, but still getting them listed when fetching Channel list.

Maybe I'm missing something, but I don't see an issue with the permissions in my situation.