Microsoft Teams Bot OAuth login shows blank screen and closes without signing in
I’m building a Microsoft Teams bot using Azure AD OAuth (SSO) with Bot Framework. When I click Sign in, the OAuth popup in Teams shows a blank screen for a moment, then closes automatically without signing me in. What I’ve Done Added redirect URI in Azure App Registration: https://token.botframework.com/.auth/web/redirect Enabled Access tokens and ID tokens in App Registration → Authentication. Configured OAuth connection in Bot Channels Registration (ConnectionName matches my bot code). Verified client ID, client secret, and tenant ID are correct. Code bot.js require("dotenv").config(); const { TeamsActivityHandler } = require("botbuilder"); const { Client } = require("@microsoft/microsoft-graph-client"); const { DialogSet, DialogTurnStatus, OAuthPrompt, WaterfallDialog } = require("botbuilder-dialogs"); require("isomorphic-fetch"); const OAUTH_PROMPT = "OAuthPrompt"; const MAIN_DIALOG = "MainDialog"; class BotActivityHandler extends TeamsActivityHandler { constructor(conversationState, userState) { super(); this.conversationState = conversationState; this.userState = userState; this.dialogState = this.conversationState.createProperty("DialogState"); this.dialogs = new DialogSet(this.dialogState); // OAuthPrompt for Teams SSO this.dialogs.add( new OAuthPrompt(OAUTH_PROMPT, { connectionName: process.env.CONNECTION_NAME, text: "Please sign in to continue", title: "Sign In", timeout: 300000, }) ); this.dialogs.add( new WaterfallDialog(MAIN_DIALOG, [ this.promptStep.bind(this), this.handleFileStep.bind(this), ]) ); this.onMessage(async (context, next) => { const text = (context.activity.text || "").trim().toLowerCase(); const dialogCtx = await this.dialogs.createContext(context); if (text.startsWith("/")) { // ...handle commands... } else { const results = await dialogCtx.continueDialog(); if (results.status === DialogTurnStatus.empty) { if (context.activity.attachments?.length > 0) { await dialogCtx.beginDialog(MAIN_DIALOG, { file: context.activity.attachments[0], }); } else { await context.sendActivity("Upload a file or type /help."); } } } await next(); }); } async promptStep(stepContext) { return await stepContext.beginDialog(OAUTH_PROMPT); } async handleFileStep(stepContext) { const tokenResponse = stepContext.result; if (!tokenResponse?.token) { await stepContext.context.sendActivity("Please sign in to access files."); return await stepContext.endDialog(); } const token = tokenResponse.token; // Use token with Microsoft Graph API // ... return await stepContext.endDialog(); } } module.exports.BotActivityHandler = BotActivityHandler; Problem OAuth popup appears, then closes without completing login. No token is returned to the bot. Questions Why does the OAuth popup in Teams close immediately without signing in? Where can I see detailed error logs for OAuth failures? Azure AD sign-in logs? Application Insights (do I need to configure Instrumentation Key in Bot Service)? Environment Bot Framework v4 (Node.js) Azure Bot Service Microsoft Teams channel Azure AD v2 OAuth
Graph API 1.0 - Listing lists doesn't return all lists (todoTaskList)
Hi, first time posting here, please let me know if I should be doing something differently! I've searched throughout the internet and couldn't find a reason for this. I've got a couple of users running into a problem where the https://learn.microsoft.com/en-us/graph/api/todo-list-lists?view=graph-rest-1.0&tabs=http endpoint only returns one list (Flagged Emails), though these users have and see many other lists in the To Do desktop (macOS) app. I've confirmed in both cases it's the same user that's identified in my app/integration and in the desktop app. They can see the tasks in that list without a problem. There are no errors requesting that list, and asking via `/users/{id|userPrincipalName}/todo/lists` also returns the same response (with that one list). Is there any known situation where this could be happening? Am I missing something obvious? Is there something else I should be trying? I've got many other customers using the To Do integration without a problem. I'm aware "My Day" and a few other special lists aren't returned. Thank you so much!
Can a Teams Channel name start with space?
Dear Community, I am facing an issue fetching the children of a teams channel when the channel name is renamed and starts with empty space. Ex: Original Channel Name: "Test" Renamed Channel Name: " Test 123" This page does not mention anything on this https://learn.microsoft.com/en-us/microsoftteams/limits-specifications-teams Any help or hints are much appreciated. Thanks Pramod VedalaMS Graph API - isMeetingInviteToCustomersEnabled Not Working
I have a PA Flow running a Create Service call and everything else works except the isMeetingInviteToCustomersEnabled and I can't seem to figure out why. I have it embedded in 'schedulingPolicy' as I believe and as Copilot says it should be. Thank you for any insights you can offer! { "displayName": "@{outputs('Get_item')?['body/Title']}", "description": "@{outputs('Get_item')?['body/Description']}", "defaultDuration": "@{outputs('DurationISO')}", "defaultLocation": { "displayName": "@{outputs('Get_item')?['body/Location/Value']} - @{outputs('Get_item')?['body/Room_x002f_Link']}" }, "isLocationOnline": true, "defaultPrice": 0, "priceType": "notSet", "schedulingPolicy": { "isMeetingInviteToCustomersEnabled": true, "customAvailabilities": [ { "startDate": "2025-06-27", "endDate": "2025-07-27", "availabilityType": "customWeeklyHours", "businessHours": [ { "day": "friday", "timeSlots": [ { "startTime": "15:00:00.0000000", "endTime": "17:00:00.0000000" } ] } ] } ], "generalAvailability": { "availabilityType": "notBookable", "businessHours": [] }, "minimumLeadTime": "P1D", "maximumAdvance": "P14D", "timeSlotInterval": "PT15M", "sendConfirmationsToOwner": true, "allowStaffSelection": true }, "isHiddenFromCustomers": false, "maximumAttendeesCount": "@{outputs('MaxCapacity')}", "defaultReminders": [ { "message": "Reminder: Your training will begin in 1 day.", "offset": "P1D", "recipients": "allAttendees" } ] }"Insufficient privileges to complete the operation" when listing Planner tasks from Project
Hi, it's only my time posting here, please let me know if I should be doing something differently! I've searched throughout the internet and couldn't find a solution for this. I've got a user running into a problem where the `/me/planner/tasks`, `/planner/buckets/{bucketId}/tasks`, and `/planner/plans/{planId}/tasks` endpoints return a `Authorization_RequestDenied` error. Here's an example response: { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "date": "2025-07-23T08:15:50", "request-id": "bd5f7056-a41d-439c-a0d7-d768cd82d1ea", "client-request-id": "362f376c-863e-0616-86f7-22c7c07c1352" } } While this happens for almost all of their groups and plans, it doesn't happen for one. The main difference between that which works and the other ones which don't is that all the ones that don't work were created in Microsoft Project (Platinum, I think?). The one that does was created in Planner. We can, however, list the proper plans and buckets, just not fetch the tasks. Is there any way around this? Is there some kind of special scope I should be asking for so the API calls work? Should I use the To Do API in some special way for this, instead? Thank you so much!
MS Purview InformationProtectionPolicy - Extract Sensitivity Labels - Permissions Granted
Hello community, I'm currently facing an issue trying to extract sensitivity labels from our Microsoft 365 tenant and could use some assistance. I have already ensured that the necessary permissions and application are in place. I initially attempted to retrieve the labels via the Microsoft Graph Explorer (graph-explorer) using the endpoint: https://graph.microsoft.com/beta/security/informationProtection/sensitivityLabels. As you can see in the attached image, I encountered a "Forbidden - 403" error, suggesting a problem with permissions or consent, even though InformationProtectionPolicy.Read is listed under the "Modify permissions" tab as "Unconsent". The only way that I found to solve it was using "https://graph.microsoft.com/beta/me/security/informationProtection/sensitivityLabels" but I need to use it in Python Code, without a user validation of credential. Next, I tried to achieve the same using Python and the Microsoft Graph API directly. I obtained an access token using a Client ID and Secret, authenticating against https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token. The application associated with this Client ID and Secret has been granted the InformationProtectionPolicy.Read permission. However, when making a GET request to https://graph.microsoft.com/beta/security/informationProtection/sensitivityLabels in Python, I receive the following error: I have already granted what I believe are the relevant permissions, including InformationProtectionPolicy.Read.All, InformationProtectionPolicy.Read, Application.Read.All, and User.Read. Has anyone successfully retrieved sensitivity labels using the Microsoft Graph API? If so, could you please share any insights or potential solutions? I'm wondering if there are other specific permissions required or if there's a particular nuance I might be missing. Any help would be greatly appreciated! Thank you in advance. Leonardo Canal
How to add Metadata to Groups
Hello, I am getting quite frustrated with any kind of metadata in Entra ID especially on groups. I used to put a lot of information like product , responsible , location etc. in either the name or the description of a group but since this information is most of the time confusing and irrelevant for the members of the group, I wanted to come up with something better. Now it seems that for some reason Microsoft denies any kind of metadata in Entra ID to be added to most objects especially groups. Overall it seem Microsoft does not see value in providing tags similar to the ones in Azure to any object type in Entra ID and I wonder why is that? I checked out the new "Custom Security Attributes" feature, turns out, its only available for users and applications.... Then I thought we are using directory extensions on applications and users already, it would be useful to use on groups as well. Now according to the documentation groups are also supported, great. But then there is the limitation that you can not update mail enabled and distribution groups via Graph API 😡. Well majority of groups are mail enabled.... Now I am forced to use the EXO module which limits the possibility of automating this quite much (requires PowerShell) but even with this you can not set directory extensions. Why is this so bad by design? How can I add metadata to groups now? Cheers
Missing added files (v1.0/me/drive/recent?$top=1000)
Missing added files In LMS we allow customers to add recent files across organization as course materials. We fetch recent files via graph API call https://graph.microsoft.com/v1.0/me/drive/recent?$top=1000 . Typical scenario for adding files would be the following. 1) user puts file from his PC to whatever location in sharepoint 2) he edits course and sees his file, and its added Currently user won't be able to see his files. Just uploaded files by user are missing from this query results. To make files appear user have to go to sharepoint and click Preview, then Download, then try rename files to make them appear in the query results. It would be very uncofmortable for user (and for our support to explain) to do it to make files appear. Can you please show just added files in https://graph.microsoft.com/v1.0/me/drive/recent?$top=1000 call. Just in case we contacted Microsoft Support 3 times already 2 years ago with no promises to fix it, but new client has same situation, so I decided to post it here as well. Thanks.Internal Server Error when creating an appointment with isLocationOnline: true
Since last week we are experiencing an issue with creating booking appointments when isLocationOnline is set to true. The booking is created in MS Bookings but the Graph API returns a 500 Internal Server Error without any further details and the customer doesn't receive the confirmation email, only the reminders. With isLocationOnline set to false the Graph API returns a proper booking appointment response and the customer receives the confirmation email. But no teams link is being created, which is the whole point. We have a test environment where it still works with the same payload. We've double checked all Business and Service rules and made sure the service linked to the appointment is set up to allow online sessions. The strange thing is that Microsoft's own service booking page also returns an Internet Server Error when creating an appointment through their UI. Example request with the culprit highlighted in bold: curl --location 'https://graph.microsoft.com/v1.0/solutions/bookingBusinesses/{businessId}/appointments' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ••••••' \ --data-raw '{ "@odata.type": "#microsoft.graph.bookingAppointment", "customerTimeZone": "W. Europe Standard Time", "endDateTime": { "@odata.type": "#microsoft.graph.dateTimeTimeZone", "dateTime": "2025-02-28T13:45:00.000Z", "timeZone": "UTC" }, "isLocationOnline": true, "optOutOfCustomerEmail": false, "postBuffer": "PT15M", "preBuffer": "PT0S", "email address removed for privacy reasons": "#Collection(microsoft.graph.bookingReminder)", "reminders": [ { "offset": "-PT1S", "recipients": "customer", "message": "Reminder 1" }, { "offset": "P1D", "recipients": "customer", "message": "Reminder 2" }, { "offset": "P2D", "recipients": "staff", "message": "Reminder3 " } ], "serviceId": "{serviceId}", "staffMemberIds": [ "{staffMemberId}" ], "startDateTime": { "@odata.type": "#microsoft.graph.dateTimeTimeZone", "dateTime": "2025-02-28T12:45:00.000Z", "timeZone": "UTC" }, "maximumAttendeesCount": 1, "filledAttendeesCount": 1, "email address removed for privacy reasons": "#Collection(microsoft.graph.bookingCustomerInformation)", "customers": [ { "@odata.type": "#microsoft.graph.bookingCustomerInformation", "name": "-", "emailAddress": "email address removed for privacy reasons", "timeZone": "W. Europe Standard Time" } ] }'
