Microsoft Teams Scope working only when using Interactive Token Authentication type

Hello, everyone. I have managed to set up a Microsoft Teams Scope and it is working, but only with the InteractiveToken authentication method.
I would like to make it work with either IntegratedWindowsAuthentication or UsernameAndPassword.

I am using Delegated permissions in Azure and I have this redirect uri configured: urn:ietf:wg:oauth:2.0:oob

I have this error: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’.

But I don’t want to use a client secret and the reason for that is that I want my process to run on behalf of a specific user and restrict my app registered in Azure only to that user.

Hi,

I have a similar issue. I want to use anything other than Interactive Token (which is not for unattended robots per the documentation). The problem is that other options like ApplicationId and Secret do not work. The only one that works is InteractiveToken.
Has anyone managed this issue? Maybe there is something else that needs to be set up in Azure AD?
@uipath
Regards,
Kamil

I have used Microsoft Teams Scope. So it might be different than Office 365 scope.
For me it worked with the following settings and permissions. Do you have User.Read.All, profile, openid, offline_access permissions?


Make sure to have the right Redirect URIs (the oauth.pstmn.io one is needed only if you want to play in Postman)

These were the settings that allowed me to connect without Interactive Token and using Windows Authentication. Do you have it on Yes?

In UiPath I call it in two ways:

  1. Using Microsoft Teams Activity Scope. Note: for this to work you have to run it one time using the Interactive method, then you can switch to Windows Auth.

  2. (Option to use if UiPath activities are not enough for what you need to do in GraphAPI) Through HTTP Request I obtain an access token and use it in the Header with Bearer. The token is obtained through C# code.


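// Request the permissions already granted to the app registration for Microsoft Graph
string[] scopes = new string[] {
    "https://graph.microsoft.com/.default"
};
// Public client: no client secret or certificate is supplied
var app = Microsoft.Identity.Client.PublicClientApplicationBuilder.Create(clientId)
    .WithTenantId(tenantId)
    .Build();
// Acquire the token as the current Windows user (Integrated Windows Authentication)
Microsoft.Identity.Client.AuthenticationResult result = app.AcquireTokenByIntegratedWindowsAuth(scopes)
    .ExecuteAsync().Result;
accessToken = result.AccessToken;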


Thanks @Oana_Georgiana_Vasile for the detailed answer.
In my case it is a matter of the permissions granted in Azure Portal. It seems that for Graph API we require Application permission, not Delegated. Please see the documentation below:

Application permissions should be set when the value of AuthenticationType in the Microsoft Office 365 Scope activity is set to ApplicationIdAndSecret or ApplicationIdAndCertificate.

  • While the Application permissions will also work, the activities are designed for apps with Delegated permissions assigned to the Microsoft Graph APIs.
    For more information about permission types, see Configure a client application to access web APIs in the Microsoft Azure documentation.

If that also helps, please mark it as the solution for others :wink:

Regards,
Kamil
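
Whether a token carries Delegated or Application permissions, and whether the app authenticated as a public client, can be read from the token's claims. The following is an added example, not code from the thread or from UiPath: it decodes a token's payload for troubleshooting (without validating it) and reports the `scp`/`roles` and `appidacr`/`azpacr` claims; the class name `GraphTokenInspector` and the sample token are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class GraphTokenInspector
{
    // Decode a base64url JWT segment (URL-safe alphabet, padding stripped).
    static string FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static string ToBase64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads claims for troubleshooting only; the signature is NOT validated.
    public static string Describe(string accessToken)
    {
        string[] parts = accessToken.Split('.');
        if (parts.Length != 3) throw new ArgumentException("Not a compact JWT");
        using JsonDocument doc = JsonDocument.Parse(FromBase64Url(parts[1]));
        JsonElement claims = doc.RootElement;
        string Get(string name) => claims.TryGetProperty(name, out var v) ? v.ToString() : "";

        // scp = delegated permissions (user present); roles = application permissions.
        string kind = Get("scp") != "" ? "delegated (scp=" + Get("scp") + ")"
                    : Get("roles") != "" ? "application (roles=" + Get("roles") + ")"
                    : "no scp/roles claim";
        // appidacr (v1.0 tokens) / azpacr (v2.0 tokens): how the client authenticated.
        string acr = Get("appidacr") != "" ? Get("appidacr") : Get("azpacr");
        string client = acr switch
        { "0" => "public client", "1" => "client secret", "2" => "certificate", _ => "unknown" };
        return $"aud={Get("aud")}; user={Get("upn")}; permissions={kind}; client auth={client}";
    }

    static void Main()
    {
        // Constructed sample token: made-up claims and a dummy signature segment.
        string payload = "{\"aud\":\"https://graph.microsoft.com\",\"upn\":\"robot@contoso.example\"," +
                         "\"scp\":\"User.Read.All profile openid\",\"appidacr\":\"0\"}";
        string token = ToBase64Url("{\"alg\":\"none\"}") + "." + ToBase64Url(payload) + ".sig";
        Console.WriteLine(Describe(token));
    }
}
```

Passing the `accessToken` obtained by the code earlier in the thread to `Describe` shows which permission type and client authentication method the token was actually issued with.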