AccessToken issue with Connect-MicrosoftTeams

New Contributor

Hi,

We're encountering this error when we do Connect-MicrosoftTeams using access tokens. 

Items.png

 

Here's our scenario:

Given:

  • Guest user from another Azure tenant that's given admin permissions
  • App registration with secret and UPN optional claim.

Steps:

  1. Login to a tenant with the guest user. Were logging in using Azure React MSAL library.
  2. We're able to get a token with the UPN claim for this guest user. At this point we're storing the id_token which we submit to our backend where we get Graph and Teams tokens.
  3. Retrieve Graph and Teams tokens for Connect-MicrosoftTeams to use. Here are the parameters we used to get Graph token:Items (1).png
  4. Once we get the Graph and Teams token, then we use `Connect-MicrosoftTeams -AccessTokens (..)`. However this would return the error above.

We're not entirely sure but our guess was due to missing UPN claims from the Graph/Teams tokens. If we do the same steps above with a user from within our tenant, then it would complete properly. It only happens when we use a guest user with admin privileges. 

 

Any ideas or suggestions would be greatly appreciated!

 

Cheers,

Jason

 

 

8 Replies
@jasonbrl- We are looking into this I will get back to you soon.

@jasonbrl - Could you please try out with the following command-

Connect-MicrosoftTeams -AccessTokens @($graphtoken, $teamstoken) -AccountId User@company.com
@jasonbrl - Did you get chance to check above suggestion?

Hi @Sayali-MSFT , thanks for the suggestion. However when I tried the command, I was getting this error Screen Shot 2022-07-15 at 7.26.13 PM.png

@jasonbrl -Could you please clarify more, how you are using this cmdlet?
Hi @Sayali-MSFT,

We are calling `Connect-MicrosoftTeams` on an ASP.NET WebAPI. This api is hosted on a linux container with powershell installed. If we used a user within a tenant, this flow would work. It only fails if a user is a guest within the tenant.
@jasonbrl - We do not support Guest users to do admin actions, PowerShell cmdlets are meant for organization's users, not guest users.
If you are referring to CSP partner users, then we allow Powershell access.
Hello @jasonbrl - Do you need any further details this issue or shall we close this issue?