Create Microsoft teams meeting through API

Question

In Azure Active Directory I've registered a new app and given it the Read and create online meetings permissions. I've granted admin consent for the permission and now I'm trying to create a meeting through the command line.

I generated a client secret for the app.

Then I'm requesting a access token using my tenant GUID, client ID of the app and client secret I generated. This gives me back a jwt. When I decode the JWT amongst the roles I can see "OnlineMeetings.ReadWrite.All" which gives me hope that I can actually create meetings using this bearer token.

I then send a POST request to https://graph.microsoft.com/v1.0/users/<my-user-guid>/onlineMeetings with the following body:

  {
   "startDateTime":"2021-03-16T14:33:30.8546353-07:00",
   "endDateTime":"2021-03-16T15:03:30.8566356-07:00",
   "subject":"Application Token Meeting",
   "participants": {
     "organizer": {
       "identity": {
         "user": {
           "id": "<my-user-guid>"
          }
        }
      }
    }
  }

and the response comes back with

"code": "Forbidden",
"message": "Application does not have permission to Create online meeting on behalf of this user.",

Am I missing something?

Edit: As some of the comments have suggested I should create an application access policy. So I'm following the documentation which asks me to Connect using admin credentials

When i run Connect-MicrosoftTeams -Credential $userCredential with my account it fails with the following error:

Connect-MicrosoftTeams: accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: Response status code does not indicate success: 406 (NotAcceptable).
Connect-MicrosoftTeams: accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed
Connect-MicrosoftTeams: Response status code does not indicate success: 406 (NotAcceptable).
Connect-MicrosoftTeams: : Unknown error

But this is what is confusing me. I don't really know if I'm trying to login with the correct account. I'm using my personal account on azure which is (afaik) not a business account with skype for business. I'm running the commands to log in on the azure portal's PowerShell interface. Am I supposed to run this on my local machine instead? I think I'm not fully understanding what all of the moving parts are that need configuration. Can I add those application Access Policies in the azure portal interface somewhere?

Answer 1

According to the api documentation , make sure you grant the OnlineMeetings.ReadWrite.All application permission to the application. Then you need to use the client credential flow to obtain an access token.

Please note that when you create an online meeting with an application token, administrators must create an application access policy and grant it to a user, authorizing the app configured in the policy to create an online meeting on behalf of that user (user ID specified in the request path).