Feb 21 2024 09:16 AM
Hi there,
I'm building a Microsoft Teams application. It works by installing it into a Team. The app works closely with another system that I created. From my UI (MSAL, React), I want to build an integration wizard, that creates a Team, installs the MS Teams app into the team and in this way completes the integration between the Team channel and my system.
I managed to authorize MSAL with the required permissions to create a Team (it works), but installing the app into the team with Graph API is the problem. This function fails with a Forbidden error which explains that I need at least TeamsAppInstallation.ReadWriteForTeam scope:
export async function addAppToTeam(accessToken, appId, teamId) { const headers = new Headers(); const bearer = `Bearer ${accessToken}`; headers.append("Authorization", bearer); headers.append("Content-Type", 'application/json'); const options = { method: "POST", headers: headers, body: JSON.stringify({ "email address removed for privacy reasons": `https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/${appId}`, }) }; return fetch(`https://graph.microsoft.com/v1.0/teams/${teamId}/installedApps`, options).then(handleErrors); }
If I try to request the scope TeamsAppInstallation.ReadWriteForTeam with MSAL, I get error on Microsoft side: needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
By doing this flow with Global Administrator, I can make it pass. But I want to enable people with permissions to manage their own created Teams to install the app there too.
The weird thing is that with the same user, that is not allowed to install the app, I can install the app from MS Teams UI. So permission wise there should be possible to do that with Graph API.
Please advise how to install the MS Teams app to a Team via Graph API without Global administrator rights to teams that are managed by that user.
Thank you in advance!
Feb 21 2024 10:15 PM
Mar 04 2024 11:43 PM