How to use node.js to create a new chat message in an existing channel in Teams with application permissions

Question

I am trying to create a new chat message in an existing channel in Teams using node.js. My application needs to send messages to this channel to notify members of the channel that something has happened with my app and allow replies, etc.

It looks like Microsoft has limited this functionality to the migration permission, based on this document note .

Note: Application permissions are only supported for migration. In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.

Since I am not trying to migrate data from another service, and instead trying to create a new chat in the channel, am I out of luck?

Is there any way to create a new chat message in a channel using application permissions vs. signed in user permissions?

I am getting this error:

{
  error: {
    code: 'Unauthorized',
    message: 'Unauthorized',
    innerError: {
      date: '2021-05-15T01:07:08',
      'request-id': '<my request-id>',
      'client-request-id': '<my client-request-id>'
    }
  }
}

This is my code:

let res = await fetch(`https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`, {
    method: 'post',
    headers: {'Content-Type': 'application/x-www-form-urlencoded'},
    body: `client_id=${clientId}&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=${clientSecret}&grant_type=client_credentials`
})
let token = await res.json()

let teamsId = '<teamsId>'
let teamsChannelId = '19%<teamsChannelId>@thread.tacv2'

const chatMessage = {
    body: {
        content: 'Hello World'
    }
};

let sendChat = await fetch(`https://graph.microsoft.com/v1.0/teams/${teamsId}/channels/${teamsChannelId}/messages`, {
    method: 'post',
    headers: {
        'Content-Type': 'application/json',
        'Authorization': 'Bearer ' + token.access_token
    },
    body: JSON.stringify(chatMessage)
})

let chatRes = await sendChat.json()

console.log(chatRes)

Answer 1

If you just create a new chat message in the channel, it's not supported to use application permissions. As the document says, "Application permissions are only supported for migration." . And you can see the supported permission is Teamwork.Migrate.All , which is used to manage migration to Microsoft Teams.

It's recommended for you to use authorization code flow with the delegated permission( ChannelMessage.Send ). You could also get access token directly with username and password using ropc flow , but it carries risks, you could use it just for test.

// Request an authorization code

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=<client_id>
&response_type=code
&redirect_uri=<redirect_uri>
&response_mode=query
&scope=https://graph.microsoft.com/ChannelMessage.Send
&state=12345

// Request an access token with a client_secret

POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token 
Content-Type: application/x-www-form-urlencoded

client_id=<client_id>
&scope=https://graph.microsoft.com/ChannelMessage.Send
&code=<authorization code from previous step>
&redirect_uri=<redirect_uri>
&grant_type=authorization_code
&code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong 
&client_secret=<client_secret>

Note: you need to add ChannelMessage.Send permission in API permissions first.

Sample of node js using the auth code flow: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-nodejs-webapp-msal