Forum Discussion

PhoneMe007's avatar
PhoneMe007
Brass Contributor
Mar 24, 2021
Solved

Authenticating with an access token Connect-MicrosoftTeams

Has anyone tried authenticating with an access token (using -AadAccessToken or -MsAccessToken)? The old version of New-CsOnlineSession had an -OAuthAccessToken param, which accepted a jwt with the PS ...
Administrator
Calling
microsoft teams
  • NMLVS's avatar
    NMLVS
    Oct 15, 2021
    FYI - I raised a ticket, and it should be fixed by mid november.

    Issue description:
    Cannot properly run Connect-MicrosoftTeams -AccessTokens

    Resolution Steps:
    Escalated case with our engineering Team
    Issue is known bug and currently being fixed
    Expecting a fix to go out by NOV mid
SHWDAndrewBaker's avatar
SHWDAndrewBaker
Copper Contributor
Jul 23, 2021

I'm trying to setup something similar in Softerra Adaxes, but I'm not getting very far

 

$clientId = ""  
$clientSecret = ""  
$tenantName = "tenant.onmicrosoft.com"
$tenantNameshort = ""
$tenantIdCode = ""
  
$graphResource = "https://graph.microsoft.com/"  
$graphtokenBody = @{  
   Grant_Type    = "client_credentials"  
   Scope         = "https://graph.microsoft.com/.default"  
   Client_Id     = $clientId  
   Client_Secret = $clientSecret  
}   
$graphTokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token" -Method POST -Body $graphtokenBody


$teamsResource = "https://api.interfaces.records.teams.microsoft.com"  
$teamstokenBody = @{  
   Grant_Type    = "client_credentials"  
   Scope         = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"  
   Client_Id     = $clientId  
   Client_Secret = $clientSecret
  
}   
$TeamsTokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token" -Method POST -Body $teamstokenBody

Connect-MicrosoftTeams -TenantId $tenantId -AccessTokens @($graphTokenResponse.access_token,$TeamsTokenResponse.access_token)

 

 

I get this error:

 

Connect-MicrosoftTeams : Not supported tenant type.
At C:\scripts\connect-teams.ps1:27 char:1
+ Connect-MicrosoftTeams -TenantId $tenantId -AccessTokens @($graphToke ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Connect-MicrosoftTeams], ArgumentException
    + FullyQualifiedErrorId : Connect-MicrosoftTeams,Microsoft.TeamsCmdlets.Powershell.Connect.ConnectMicrosoftTeams

 

If I try something along the lines of 

 

 

Connect-MicrosoftTeams -TenantId $tenantId -ClientId $clientId -Certificatethumbprint $certificateThumbprint 

 

 I get the following:

 

Connecting to remote server api.interfaces.records.teams.microsoft.com failed with the following error message : The WinRM client cannot process the request....

 

 

 

  • Andres-Bohren's avatar
    Andres-Bohren
    Steel Contributor
    Aug 17, 2021
    Any Updates on this Topic?

    https://docs.microsoft.com/en-us/powershell/module/teams/connect-microsoftteams?view=teams-ps
    $graphtoken = #Get MSGraph Token for following for resource "https://graph.microsoft.com" and scopes "AppCatalog.ReadWrite.All", "Group.ReadWrite.All", "User.Read.All";
    $teamstoken = #Get Teams resource token for resource id "48ac35b8-9aa8-4d74-927d-1f4a14a0b239" and scope "user_impersonation";

    Connect-MicrosoftTeams -AccessTokens @($graphtoken, $teamstoken) -AccountId $adminaccount

    Account Environment Tenant TenantId
    ------- ----------- ------------------------------------ ------------------------------------
    user@contoso.com AzureCloud xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

    Specifies a access tokens for "MSGraph" and "Skype and Teams Tenant Admin API" resources. This new parameter is added in version 2.3.2-preview.

    Following steps must be performed by Tenant Admin in the Azure portal when using your own application.

    Steps to configure the AAD application.

    Go to Azure portal and go to App Registrations.
    Create or select the existing application.
    Add the following permission to this Application.
    Click API permissions.
    Click Add a permission.
    Click on the Microsoft MS Graph, and then select Delegated Permission.
    Add the following permissions: "AppCatalog.ReadWrite.All", "Group.ReadWrite.All", "User.Read.All";
    Next, we need to add "Skype and Teams Tenant Admin API" resource permission. Click Add a permission.
    Navigate to "APIs my organization uses"
    Search for "Skype and Teams Tenant Admin API".
    Add all the listed permissions.
    Grant admin consent to both MS Graph and "Skype and Teams Tenant Admin API" name.
    • danielandrewbrowne's avatar
      danielandrewbrowne
      Copper Contributor
      Aug 23, 2021
      They seems to have gone backwards with release 2.5.0. I used to be able to use

      Connect-MicrosoftTeams -AccessTokens @($graphtoken, $teamstoken) -Verbose -AccountId "user@domain.com"

      to at least access the new cmdlets, but now I get

      Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.
      • MattLadewig's avatar
        MattLadewig
        Copper Contributor
        Aug 26, 2021
        Removing the -AccountId "user@domain.com" parameter should allow you to login. Seems this detail is derived via the tokens now in 2.5.0

Resources