%3CLINGO-SUB%20id%3D%22lingo-sub-1617881%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1617881%22%20slang%3D%22en-US%22%3E%3CP%3ESince%20you%20say%20that%20application%20permissions%20are%20%3CSTRONG%3Ecurrently%3C%2FSTRONG%3E%20not%20supported%2C%20is%20there%20a%20plan%20to%20support%20that%20at%20some%20point%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1623514%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1623514%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F275644%22%20target%3D%22_blank%22%3E%40Emma_Degerman%3C%2FA%3E%26nbsp%3B%2C%20Can%20you%20please%20share%20details%20about%20the%20use%20case%20where%20you%20will%20need%20to%20use%20application%20permissions%20enabled%20with%20the%20Yammer%20API%20in%20Azure%20Active%20Directory%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1624932%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1624932%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3291%22%20target%3D%22_blank%22%3E%40Sameer%20Sitaram%3C%2FA%3E%26nbsp%3BI%20can%20elaborate%20on%20our%20behalf.%20We%20have%20a%20solution%20which%20customers%20can%20use%20as%20a%20central%20endpoint%20for%20creating%20various%20collaboration%20spaces%20for%20their%20needs.%20These%20spaces%20can%20technically%20mean%20Teams-enabled%20groups%2C%20%22Outlook%20groups%22%2C%20Yammer%20groups%20or%20sometimes%20even%20SharePoint%20sites%20without%20a%20group%20attached%20at%20all.%20The%20provisioning%20itself%20is%20done%20in%20a%20backend%20process%2C%20typically%20pending%20approval%20by%20a%20manager.%20Use%20of%20delegated%20permissions%20is%20not%20practical%20in%20such%20scenarios%20and%20we've%20been%20so%20far%20holding%20off%20using%20AAD%20tokens%20for%20Yammer%20Group%20creation%20because%20of%20this%20reason.%20We%20do%20use%20AAD%20tokens%20for%20a%20variety%20of%20other%20purposes%2C%20so%20their%20benefits%20are%20well%20known.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1631939%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1631939%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3291%22%20target%3D%22_blank%22%3E%40Sameer%20Sitaram%3C%2FA%3EHi%20Sameer%20we%20have%20integrated%20Yammer%20API%20to%20our%20web%20application%20and%20we%20are%20communicating%20with%20Yammer%20OAUTH%20tokens%20.%20My%20question%20is%20in%20future%20total%20yammer%20API%20going%20to%20listen%20only%20MSAL%20or%20just%20Yammer%20group%20API.%20if%20possible%20%2Cif%20you%20have%20some%20github%20code%20links%20in%20relating%20to%20this%20please%20share.%20appreciate%20your%20help%20.thank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1632230%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1632230%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20scenarios%20we%20have%20had%20so%20far%20has%20mainly%20been%20centered%20around%20analytics%2C%20since%20the%20built%20in%20reports%20are%20quite%20limited%20as%20of%20now%2C%20as%20are%20the%20reporting%20end%20points%20provided%20through%20the%20graph.%20While%20there%20are%20limitations%20in%20the%20current%20APIs%20as%20well%2C%20we%20have%20still%20been%20able%20to%20use%20them%20to%20cover%20some%20of%20the%20gaps.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1634255%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1634255%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3291%22%20target%3D%22_blank%22%3E%40Sameer%20Sitaram%3C%2FA%3E%26nbsp%3BDoes%20Yammer%20JS%20SDK%20fully%20support%20AAD%20Tokens%3F%3C%2FP%3E%3CP%3EI%20tried%26nbsp%3Byam.platform.setAuthToken()%20using%20an%20AAD%20token%20then%20called%20the%20following%20yammer%20endpoints%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eusers%2Fcurrent.json%20-%20working%3C%2FP%3E%3CP%3Egroups%2Ffor_user%2F%3CID%3E.json%20-%20working%3C%2FID%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Estreams%2Fnotifications.json%20-%20always%20failed%3C%2FP%3E%3CP%3Emessages.json%20-%20always%20failed%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1725197%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1725197%22%20slang%3D%22en-US%22%3E%3CP%3EI%20believe%20this%20only%20applies%20to%20%3CSTRONG%3ENative%20mode%3C%2FSTRONG%3E%20Yammer%20OR%26nbsp%3B%3CSTRONG%3EConnected%20Yammer%20Groups%3C%2FSTRONG%3E%20in%26nbsp%3B%3CSTRONG%3ENon-native%2FHybrid%20mode%3C%2FSTRONG%3E%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20Yammer%20is%20in%20%3CSTRONG%3ENon-native%20Mode%3C%2FSTRONG%3E%26nbsp%3B%3CU%3Ewithout%3C%2FU%3E%20%3CSTRONG%3EConnected%20Yammer%20Groups%26nbsp%3B%3C%2FSTRONG%3EYammer%20Group%20API%20endpoints%20will%20still%20continue%20to%20work%20with%20Yammer%20OAuth%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1641890%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1641890%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3291%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%40Sameer%20Sitaram%3C%2FA%3E%26nbsp%3Bwe%20%3CSTRONG%3Edesperately%3C%2FSTRONG%3E%20need%20application%20permissions%2C%20can%20you%20prioritize%20it%20in%20the%20roadmap%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1593907%22%20slang%3D%22en-US%22%3EUsing%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1593907%22%20slang%3D%22en-US%22%3E%3CP%20data-unlink%3D%22true%22%3E%3CSTRONG%3EUpdate%3A%20Oct%206%2C%202020%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CDIV%20class%3D%22speechBubble-497%22%3E%0A%3CDIV%20class%3D%22y-block%20contentStateBodyText-487%22%20dir%3D%22ltr%22%3E%0A%3CDIV%20class%3D%22inner-488%22%3E%0A%3CP%20class%3D%22paragraph-489%22%3E---%3C%2FP%3E%0A%3CP%20class%3D%22paragraph-489%22%3EThank%20you%20all%20for%20the%20feedback%20on%20this%20blog%2C%20and%20through%20other%20sources.%20Some%20customers%20and%20partners%20won%E2%80%99t%20be%20able%20to%20fully%20transition%20to%20using%20MSAL%202.0%20because%20of%20the%20lack%20of%20Application%20Permissions%20in%20Azure%20Active%20Directory%20(AAD).%20This%20feature%20allows%20running%20an%20app%20in%20the%20background%20without%20requiring%20users%20to%20sign%20in.%3C%2FP%3E%0A%3CP%20class%3D%22paragraph-489%22%3EAs%20such%2C%20we%E2%80%99re%20removing%20the%20December%201%20for%20exclusive%20support%20of%20AAD%20tokens%20with%20the%20Groups%20API.%20Groups%20API%20will%20continue%20to%20support%20both%20the%20legacy%20Yammer%20OAuth%20Tokens%20and%20AAD%20tokens%20until%20further%20notice.%3C%2FP%3E%0A%3CP%20class%3D%22paragraph-489%22%3EWe%20encourage%20using%20AAD%20tokens%20with%20Yammer%20where%20applicable%20(e.g.Single%20Page%20JS%20Application%2C%20Server%20Side%20Application).%20We%20will%20publish%20further%20updates%20here.%20Thank%20you.%3C%2FP%3E%0A%3CP%20class%3D%22paragraph-489%22%3E---%3C%2FP%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3CP%20data-unlink%3D%22true%22%3E%3CSTRIKE%3EStarting%20December%201%202020%2C%20Yammer%20Groups%20API%26nbsp%3Bendpoints%26nbsp%3B%20will%20only%20support%20the%20usage%20of%26nbsp%3BAzure%26nbsp%3BActive%20Directory%20(AAD)%20tokens.%26nbsp%3B%26nbsp%3BYammer%20Groups%20API%26nbsp%3Bendpoints%20will%20no%20longer%20support%20the%20usage%20of%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.yammer.com%2Fdocs%2Fauthentication-1%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYammer%20OAuth%20tokens%3C%2FA%3E.%26nbsp%3BMicrosoft%26nbsp%3Brecommends%20that%20customers%20and%20partners%20transition%20to%20using%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-overview%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-overview%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%26nbsp%3BAuthentication%20Library%20(MSAL)%3C%2FA%3E%20and%20AAD%20tokens%20with%20the%26nbsp%3BYammer%20API.%3C%2FSTRIKE%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELast%20year%2C%20we%20announced%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fyammer%2Fconfigure-your-yammer-network%2Foverview-native-mode%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ENative%20Mode%3C%2FA%3E%2C%20which%20gets%20your%20network%20ready%20to%20experience%20Microsoft%20365%20integrations.%20Native%20Mode%20requires%20that%20all%20your%20users%20are%20created%20in%20AAD%2C%26nbsp%3Ball%20Groups%20are%20Microsoft%20365%20Connected%20and%20all%20Yammer%20Files%20are%20stored%20in%20SharePoint%20Online.%20With%20the%20move%20to%20files%20in%20SharePoint%2C%20Yammer%20Files%20API%20started%26nbsp%3B%20require%20using%20AAD%20tokens.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAs%20Yammer%20continues%20its%20journey%20to%20integrate%20into%20the%20Microsoft%20365%20ecosystem%2C%20there%20will%20be%20even%20more%20shared%20Yammer%20experiences%20across%20Microsoft%20365%2C%20such%20as%20with%20Teams%2C%20Outlook%20and%20other%20applications.%20All%20of%20these%20require%20using%20AAD%20tokens.%20Yammer's%20OAuth%20token%20cannot%20be%20accepted%20to%20conduct%20these%20operations.%20Overtime%20all%20Yammer%20API%20endpoints%20will%20be%20changed%20to%20exclusively%20support%20AAD%20tokens.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRIKE%3EStarting%20December%201%2C%202020%2C%20Yammer%20Group%20API%20endpoints%20that%20are%20used%20to%20Update%2C%20Delete%20Groups%2C%20and%20manage%20Group%20Membership%20and%20Group%20Admins%20will%20only%20support%20AAD%20tokens.%26nbsp%3BUsing%20Yammer%20OAuth%20tokens%20will%20result%20in%20a%20bad%20request%20response%20from%20the%20server.%20Create%20and%20Read%20operations%20will%20be%20supported%20with%20Yammer%20OAuth%20tokens%2C%20however%20using%20AAD%20tokens%20for%20all%20API%20scenarios%20with%20Yammer%20is%20strongly%20recommended.%26nbsp%3B%3C%2FSTRIKE%3E%3C%2FP%3E%0A%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20data-unlink%3D%22true%22%3EThe%20change%20is%20applicable%20to%20the%20following%20documented%20Yammer%20Groups%20API%20endpoints%3A%3C%2FP%3E%0A%3CUL%20class%3D%22list-705%22%3E%0A%3CLI%20class%3D%22y-list--item%20listItem-706%22%3E%3CA%20href%3D%22https%3A%2F%2Fdeveloper.yammer.com%2Fdocs%2Fgroup_membershipsjsongroup_idid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGroupMembership%3C%2FA%3E%3A%20POST%20%2Fapi%2Fv1%2Fgroup_memberships.json%3C%2FLI%3E%0A%3CLI%20class%3D%22y-list--item%20listItem-706%22%3E%3CA%20href%3D%22https%3A%2F%2Fdeveloper.yammer.com%2Fdocs%2Fgroup_membershipsjsongroup_idid-1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERemoveMembership%3A%3C%2FA%3E%20DELETE%20%2Fgroup_memberships.json%3Fgroup_id%3D%5B%3Aid%5D%3C%2FLI%3E%0A%3CLI%20class%3D%22y-list--item%20listItem-706%22%3E%3CA%20href%3D%22https%3A%2F%2Fdeveloper.yammer.com%2Fdocs%2Fgroupsfor_useruser_idjson%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGroupsForUser%3A%3C%2FA%3E%20GET%20%2Fapi%2Fv1%2Fgroups%2Ffor_user%2F%3AUser_Id.json%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EAnd%20also%20applicable%20to%20undocumented%20Yammer%20Groups%20endpoints%3A%3C%2FP%3E%0A%3CDIV%3E%0A%3CUL%3E%0A%3CLI%3ECreateGroup%3A%20POST%20%2Fapi%2Fv1%2Fgroups(.%3Aformat)%3C%2FLI%3E%0A%3CLI%3EUpdateGroup%3A%20PUT%20%2Fapi%2Fv1%2Fgroups%2F%3Aid(.%3Aformat)%3C%2FLI%3E%0A%3CLI%3EDeleteGroup%3A%20DELETE%20%2Fapi%2Fv1%2Fgroups%2F%3Aid(.%3Aformat)%3C%2FLI%3E%0A%3CLI%3EAddGroupMember%3A%20POST%20%2Fapi%2Fv1%2Fgroup_memberships(.%3Aformat)%3C%2FLI%3E%0A%3CLI%3ERemoveGroupMember%3A%20DELETE%20%2Fapi%2Fv1%2Fgroup_memberships(.%3Aformat)%3C%2FLI%3E%0A%3CLI%3EMakeAdmin%3A%20POST%20%2Fapi%2Fv1%2Fgroups%2F%3Aid%2Fmake_admin(.%3Aformat)%3C%2FLI%3E%0A%3CLI%3ERevokeAdmin%3A%20POST%20%2Fapi%2Fv1%2Fgroups%2F%3Aid%2Frevoke_admin(.%3Aformat)%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FDIV%3E%0A%3CP%3E%3CSTRONG%3ENotes%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAll%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fyammer%2Fmanage-yammer-groups%2Fyammer-and-office-365-groups%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EConnected%20Yammer%20Groups%3C%2FA%3E%20(including%20Yammer%20networks%20in%20Native%20Mode)%20will%20require%20AAD%20tokens.%20Using%20the%20Yammer%20OAuth%20tokens%20will%20return%20a%20rejected%20response.%3C%2FLI%3E%0A%3CLI%3EIn%20non-Native%20Yammer%20networks%2C%20users%20without%20Group%20creation%20rights%20in%20AAD%20will%20be%20able%20to%20create%20unconnected%20Yammer%20Groups.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSTRONG%3EWhat%20should%20you%20do%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CSTRONG%3EUse%20MSAL%20to%20authenticate%20with%20Yammer%3A%3C%2FSTRONG%3E%20Microsoft%20recommends%20that%20customers%20and%20partners%20transition%20their%20apps%20to%20authenticate%20using%20the%20Microsoft%20Authentication%20Library%20(MSAL)%20to%20acquire%20AAD%20tokens%20from%20the%20Microsoft%20Identity%20Platform%20to%20operate%20with%20the%20Yammer%20API.%20MSAL%20is%20available%20for%20.NET%2C%20JavaScript%2C%20Android%2C%20and%20iOS%2C%20which%20support%20many%20different%20application%20architectures%20and%20platforms.%20Learn%20about%20MSAL%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3ESet%20up%20AAD%20Client%20Application%3C%2FSTRONG%3E%3A%20Follow%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fquickstart-register-app%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethese%20instructions%3C%2FA%3E%20to%20set%20up%20a%20client%20application%20and%20assign%20Delegated%20Yammer%20API%20Permissions%20to%20access%20Yammer%20APIs.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%3CSTRONG%3ENotes%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EYammer%20supports%20Delegated%20Permissions%20in%20Azure%20Active%20Directory.%20This%20means%20that%20your%20application%20will%20access%20the%20Yammer%20API%20as%20the%20signed%20in%20user.%20Application%20permissions%20are%20currently%20not%20supported%20by%20Yammer%20in%20Azure%20Active%20Directory.%3C%2FLI%3E%0A%3CLI%3EEnabling%20%3CEM%3Euser_impersonation%3C%2FEM%3E%20allows%20the%20application%20to%20access%20the%20Yammer%20platform%20on%20behalf%20of%20the%20signed%20in%20user.%3C%2FLI%3E%0A%3CLI%3EExternal%20networks%20are%20not%20supported%20with%20MSAL%202.0%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSTRONG%3EApplication%20types%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EClient-side%26nbsp%3BSingle%20page%20JavaScript%20Application%3A%3C%2FSTRONG%3E%26nbsp%3BIf%20you%20are%20using%20a%20Single%20Page%26nbsp%3BAAD%26nbsp%3BApp%26nbsp%3Bthat%20uses%20the%20Implicit%26nbsp%3BGrant%20Flow%2C%20then%20your%20AAD%20App%26nbsp%3Bwill%20need%20to%20be%20mapped%20to%20its%20corresponding%26nbsp%3BYammer%26nbsp%3Bplatform%20Application.%26nbsp%3BPlease%20provide%20details%20about%20your%20application%20in%20this%E2%80%AF%3CA%20href%3D%22https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3Dv4j5cvGGr0GRqy180BHbRyOZxByRF1dLgv7k6ye5z8pUNEJOREVWQ1k3QkNXQTVJRURGOE9WQjVHRS4u%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSTRONG%3Eform%E2%80%AF%3C%2FSTRONG%3E%3C%2FA%3E%3CSTRONG%3E%3CU%3E%26nbsp%3B%3C%2FU%3E%3C%2FSTRONG%3Eand%20our%20team%20will%20work%20with%20you%20on%20the%20process%20to%20map%20your%20Yammer%26nbsp%3Band%26nbsp%3BAzure%26nbsp%3BActive%20Directory%20client%20applications.%20This%20is%20required%20to%20ensure%20that%20your%20application%20is%20not%20affected%20by%20Cross-Origin%20Resource%20Sharing%20(CORS)%20permissions%20issues.%20Learn%20about%20CORS%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FHTTP%2FCORS%23Who_should_read_this_article%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EServer-side%20application%3C%2FSTRONG%3E%3A%26nbsp%3BUsing%20the%20Microsoft%26nbsp%3Bidentity%26nbsp%3Bplatform%20implementation%20of%20OAuth%202.0%2C%20you%20can%20add%20sign%20in%20and%20API%20access%20to%20your%20mobile%20and%20desktop%20apps%26nbsp%3B%26nbsp%3B%26nbsp%3BIf%20you%20are%20running%20a%20server-side%20app%20that%20requires%20the%20usage%20of%20long-lived%26nbsp%3BAAD%26nbsp%3Btokens%2C%20then%20use%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-auth-code-flow%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%3CU%3E%26nbsp%3BIdentity%26nbsp%3BPlatform%26nbsp%3BOAuth%202.0%20authorization%20code%20flow%3C%2FU%3E%3C%2FA%3E%26nbsp%3Bto%26nbsp%3Bacquire%26nbsp%3BAAD%26nbsp%3BAccess%20Tokens%2C%20with%20a%20Refresh%20Token.%20This%20enables%26nbsp%3Byour%20app%26nbsp%3Bto%20request%20a%20new%20AAD%20access%20token%26nbsp%3Bwithout%26nbsp%3Brequiring%26nbsp%3Bany%26nbsp%3Buser%20interaction.%20Take%20a%20look%20at%20these%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fsample-v2-code%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Esample%20apps%3C%2FA%3E%26nbsp%3Bthat%20support%20MSAL%202.0.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSTRONG%3EResources%3C%2FSTRONG%3E%3A%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22TextRun%20SCXW132979443%20BCX0%22%20data-contrast%3D%22auto%22%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW132979443%20BCX0%22%3EWe%E2%80%99re%20committed%20to%20working%20with%20the%20developer%20community%20in%20transitioning%20to%20the%20new%20world%20of%20AAD%20tokens!%3CSPAN%3E%26nbsp%3BPlease%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%26nbsp%3Bcheck%20out%20the%20resources%20below%2C%20post%20your%20questions%2Fcomments%20here%20or%20email%26nbsp%3B%3CA%20href%3D%22mailto%3Aapi%40yammer.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eapi%40yammer.com.%3C%2FA%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ESingle%20Page%20JavaScript%20Application%20mapping%20request%20%3CA%20href%3D%22https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3Dv4j5cvGGr0GRqy180BHbRyOZxByRF1dLgv7k6ye5z8pUNEJOREVWQ1k3QkNXQTVJRURGOE9WQjVHRS4u%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eform%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fquickstart-register-app%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EQuickStart%20Register%20an%20Azure%20Active%20Directory%20application%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EOverview%20of%20Microsoft%20Authentication%20Library%20(MSAL)%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fyammer%2Fcode_samples%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ECode%20Samples%3A%3C%2FA%3E%20Review%20the%20code%20for%20Yammer%20Single%20Page%20app%20JavaScript%20app%20using%20MSAL%20for%20authentication%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FYammer-Blog%2FYammer-API-with-AAD-tokens-Postman-Collection%2Fba-p%2F857923%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EReference%3C%2FA%3E%3A%20Using%20AAD%20tokens%20with%20Yammer%20API%20with%20Postman%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1593907%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EStarting%20December%201%202020%2C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EYammer%20Groups%20API%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Bendpoints%20will%20only%20support%20the%20usage%20of%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EAzure%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3BActive%20Directory%20tokens.%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EMicrosoft%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Brecommends%20using%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EMicrosoft%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fmsal-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%26nbsp%3BAuthentication%20Library%20(MSAL)%3C%2FA%3E%20and%20AAD%20tokens%20with%20the%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3EYammer%20API%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1593907%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAPI%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EApp%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMSAL%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOAuth%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EYammer%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EYammer%20Admin%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1752123%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20MSAL%20with%20Yammer%20Groups%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1752123%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3291%22%20target%3D%22_blank%22%3E%40Sameer%20Sitaram%3C%2FA%3E%26nbsp%3B%20we%20also%20definitely%20need%20the%20application%20permission.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Update: Oct 6, 2020

---

Thank you all for the feedback on this blog, and through other sources. Some customers and partners won’t be able to fully transition to using MSAL 2.0 because of the lack of Application Permissions in Azure Active Directory (AAD). This feature allows running an app in the background without requiring users to sign in.

As such, we’re removing the December 1 for exclusive support of AAD tokens with the Groups API. Groups API will continue to support both the legacy Yammer OAuth Tokens and AAD tokens until further notice.

We encourage using AAD tokens with Yammer where applicable (e.g.Single Page JS Application, Server Side Application). We will publish further updates here. Thank you.

---

Starting December 1 2020, Yammer Groups API endpoints  will only support the usage of Azure Active Directory (AAD) tokens.  Yammer Groups API endpoints will no longer support the usage of Yammer OAuth tokens. Microsoft recommends that customers and partners transition to using Microsoft Authentication Library (MSAL) and AAD tokens with the Yammer API.

 

Last year, we announced Native Mode, which gets your network ready to experience Microsoft 365 integrations. Native Mode requires that all your users are created in AAD, all Groups are Microsoft 365 Connected and all Yammer Files are stored in SharePoint Online. With the move to files in SharePoint, Yammer Files API started  require using AAD tokens.

 

As Yammer continues its journey to integrate into the Microsoft 365 ecosystem, there will be even more shared Yammer experiences across Microsoft 365, such as with Teams, Outlook and other applications. All of these require using AAD tokens. Yammer's OAuth token cannot be accepted to conduct these operations. Overtime all Yammer API endpoints will be changed to exclusively support AAD tokens.

 

Starting December 1, 2020, Yammer Group API endpoints that are used to Update, Delete Groups, and manage Group Membership and Group Admins will only support AAD tokens. Using Yammer OAuth tokens will result in a bad request response from the server. Create and Read operations will be supported with Yammer OAuth tokens, however using AAD tokens for all API scenarios with Yammer is strongly recommended. 

 

The change is applicable to the following documented Yammer Groups API endpoints:

And also applicable to undocumented Yammer Groups endpoints:

  • CreateGroup: POST /api/v1/groups(.:format)
  • UpdateGroup: PUT /api/v1/groups/:id(.:format)
  • DeleteGroup: DELETE /api/v1/groups/:id(.:format)
  • AddGroupMember: POST /api/v1/group_memberships(.:format)
  • RemoveGroupMember: DELETE /api/v1/group_memberships(.:format)
  • MakeAdmin: POST /api/v1/groups/:id/make_admin(.:format)
  • RevokeAdmin: POST /api/v1/groups/:id/revoke_admin(.:format)

Notes:

  • All Connected Yammer Groups (including Yammer networks in Native Mode) will require AAD tokens. Using the Yammer OAuth tokens will return a rejected response.
  • In non-Native Yammer networks, users without Group creation rights in AAD will be able to create unconnected Yammer Groups.

What should you do?

  1. Use MSAL to authenticate with Yammer: Microsoft recommends that customers and partners transition their apps to authenticate using the Microsoft Authentication Library (MSAL) to acquire AAD tokens from the Microsoft Identity Platform to operate with the Yammer API. MSAL is available for .NET, JavaScript, Android, and iOS, which support many different application architectures and platforms. Learn about MSAL here.
  2. Set up AAD Client Application: Follow these instructions to set up a client application and assign Delegated Yammer API Permissions to access Yammer APIs.

Notes:

  • Yammer supports Delegated Permissions in Azure Active Directory. This means that your application will access the Yammer API as the signed in user. Application permissions are currently not supported by Yammer in Azure Active Directory.
  • Enabling user_impersonation allows the application to access the Yammer platform on behalf of the signed in user.
  • External networks are not supported with MSAL 2.0

Application types:

  • Client-side Single page JavaScript Application: If you are using a Single Page AAD App that uses the Implicit Grant Flow, then your AAD App will need to be mapped to its corresponding Yammer platform Application. Please provide details about your application in this form  and our team will work with you on the process to map your Yammer and Azure Active Directory client applications. This is required to ensure that your application is not affected by Cross-Origin Resource Sharing (CORS) permissions issues. Learn about CORS here
  • Server-side application: Using the Microsoft identity platform implementation of OAuth 2.0, you can add sign in and API access to your mobile and desktop apps   If you are running a server-side app that requires the usage of long-lived AAD tokens, then use the Microsoft Identity Platform OAuth 2.0 authorization code flow to acquire AAD Access Tokens, with a Refresh Token. This enables your app to request a new AAD access token without requiring any user interaction. Take a look at these sample apps that support MSAL 2.0. 

Resources:  

We’re committed to working with the developer community in transitioning to the new world of AAD tokens! Please check out the resources below, post your questions/comments here or email api@yammer.com.

9 Comments
New Contributor

Since you say that application permissions are currently not supported, is there a plan to support that at some point? 

Microsoft

@Emma_Degerman , Can you please share details about the use case where you will need to use application permissions enabled with the Yammer API in Azure Active Directory?

Senior Member

@Sameer Sitaram I can elaborate on our behalf. We have a solution which customers can use as a central endpoint for creating various collaboration spaces for their needs. These spaces can technically mean Teams-enabled groups, "Outlook groups", Yammer groups or sometimes even SharePoint sites without a group attached at all. The provisioning itself is done in a backend process, typically pending approval by a manager. Use of delegated permissions is not practical in such scenarios and we've been so far holding off using AAD tokens for Yammer Group creation because of this reason. We do use AAD tokens for a variety of other purposes, so their benefits are well known.

Occasional Visitor

@Sameer SitaramHi Sameer we have integrated Yammer API to our web application and we are communicating with Yammer OAUTH tokens . My question is in future total yammer API going to listen only MSAL or just Yammer group API. if possible ,if you have some github code links in relating to this please share. appreciate your help .thank you

New Contributor

The scenarios we have had so far has mainly been centered around analytics, since the built in reports are quite limited as of now, as are the reporting end points provided through the graph. While there are limitations in the current APIs as well, we have still been able to use them to cover some of the gaps. 

Visitor

@Sameer Sitaram Does Yammer JS SDK fully support AAD Tokens?

I tried yam.platform.setAuthToken() using an AAD token then called the following yammer endpoints: 

 

users/current.json - working

groups/for_user/<id>.json - working

 

streams/notifications.json - always failed

messages.json - always failed

Senior Member

@Sameer Sitaram we desperately need application permissions, can you prioritize it in the roadmap ?

Occasional Visitor

I believe this only applies to Native mode Yammer OR Connected Yammer Groups in Non-native/Hybrid mode?

 

If Yammer is in Non-native Mode without Connected Yammer Groups Yammer Group API endpoints will still continue to work with Yammer OAuth?

Frequent Visitor

@Sameer Sitaram  we also definitely need the application permission.