Thank you all for the feedback on this blog, and through other sources. Some customers and partners won’t be able to fully transition to using MSAL 2.0 because of the lack of Application Permissions in Azure Active Directory (AAD). This feature allows running an app in the background without requiring users to sign in.
As such, we’re removing the December 1 for exclusive support of AAD tokens with the Groups API. Groups API will continue to support both the legacy Yammer OAuth Tokens and AAD tokens until further notice.
We encourage using AAD tokens with Yammer where applicable (e.g.Single Page JS Application, Server Side Application). We will publish further updates here. Thank you.
Starting December 1 2020, Yammer Groups API endpoints will only support the usage of Azure Active Directory (AAD) tokens. Yammer Groups API endpoints will no longer support the usage of Yammer OAuth tokens. Microsoft recommends that customers and partners transition to using Microsoft Authentication Library (MSAL) and AAD tokens with the Yammer API.
Last year, we announced Native Mode, which gets your network ready to experience Microsoft 365 integrations. Native Mode requires that all your users are created in AAD, all Groups are Microsoft 365 Connected and all Yammer Files are stored in SharePoint Online. With the move to files in SharePoint, Yammer Files API started require using AAD tokens.
As Yammer continues its journey to integrate into the Microsoft 365 ecosystem, there will be even more shared Yammer experiences across Microsoft 365, such as with Teams, Outlook and other applications. All of these require using AAD tokens. Yammer's OAuth token cannot be accepted to conduct these operations. Overtime all Yammer API endpoints will be changed to exclusively support AAD tokens.
Starting December 1, 2020, Yammer Group API endpoints that are used to Update, Delete Groups, and manage Group Membership and Group Admins will only support AAD tokens. Using Yammer OAuth tokens will result in a bad request response from the server. Create and Read operations will be supported with Yammer OAuth tokens, however using AAD tokens for all API scenarios with Yammer is strongly recommended.
The change is applicable to the following documented Yammer Groups API endpoints:
MakeAdmin: POST /api/v1/groups/:id/make_admin(.:format)
RevokeAdmin: POST /api/v1/groups/:id/revoke_admin(.:format)
All Connected Yammer Groups (including Yammer networks in Native Mode) will require AAD tokens. Using the Yammer OAuth tokens will return a rejected response.
In non-Native Yammer networks, users without Group creation rights in AAD will be able to create unconnected Yammer Groups.
What should you do?
Set up AAD Client Application: Follow these instructions to set up a client application and assign Delegated Yammer API Permissions to access Yammer APIs.
Yammer supports Delegated Permissions in Azure Active Directory. This means that your application will access the Yammer API as the signed in user. Application permissions are currently not supported by Yammer in Azure Active Directory.
Enabling user_impersonation allows the application to access the Yammer platform on behalf of the signed in user.
External networks are not supported with MSAL 2.0
Server-side application: Using the Microsoft identity platform implementation of OAuth 2.0, you can add sign in and API access to your mobile and desktop apps If you are running a server-side app that requires the usage of long-lived AAD tokens, then use the Microsoft Identity Platform OAuth 2.0 authorization code flow to acquire AAD Access Tokens, with a Refresh Token. This enables your app to request a new AAD access token without requiring any user interaction. Take a look at these sample apps that support MSAL 2.0.
We’re committed to working with the developer community in transitioning to the new world of AAD tokens! Please check out the resources below, post your questions/comments here or email firstname.lastname@example.org.