Starting from the Java webhook example application I tried to subscribe to the web hook for the Teams Presence. I would like to obtain the presence in an application where the user does not logs in, but I can see here that the Application
permissions are not supported for the Presence API. This means that the only way (I could figure out) to login without the user intervention, is to create a cloud user in active directory and use the UsernamePasswordProvider
authenticator provider (see here).
When I execute the subscription request with the following piece of code
private final List<String> scopes = Arrays.asList("https://graph.microsoft.com/.default");
final UsernamePasswordProvider authProvider = new UsernamePasswordProvider(this.clientId, this.scopes,
this.username, this.password, NationalCloud.Global, this.tenantId, this.clientSecret);
final IGraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider(authProvider).buildClient();
graphClient.setServiceRoot("https://graph.microsoft.com/beta");
Subscription subscription = new Subscription();
subscription.changeType = this.changeType;
subscription.notificationUrl = this.publicUrl + "/notification";
subscription.resource = this.resource;
subscription.expirationDateTime = Calendar.getInstance();
subscription.clientState = "secretClientValue";
subscription.expirationDateTime.add(Calendar.HOUR, 1);
if (this.resource.startsWith("teams")) {
subscription.additionalDataManager().put("includeResourceData", new JsonPrimitive(true));
subscription.additionalDataManager().put("encryptionCertificate",
new JsonPrimitive(GetBase64EncodedCertificate()));
subscription.additionalDataManager().put("encryptionCertificateId", new JsonPrimitive(this.alias));
LOGGER.warn("encoded cert");
LOGGER.info(GetBase64EncodedCertificate());
}
subscription = graphClient.subscriptions().buildRequest().post(subscription);
I obtain the following error
[Status Code: Forbidden; Reason: The request is not authorized for this user or application.]
I also granted the Presence.Read
and Presence.Read.All
delegated permissions to the app.
My questions are:
- is this the correct approach to subscribe to the presence notification in this scenario?
- Why is the request unauthorized, am I missing to grant some permissions somewhere?