question

SimoneGaiarin-5389 avatar image
0 Votes"
SimoneGaiarin-5389 asked ·

How to subscribe to teams presence webhook from daemon app?

Starting from the Java webhook example application I tried to subscribe to the web hook for the Teams Presence. I would like to obtain the presence in an application where the user does not logs in, but I can see here that the Application permissions are not supported for the Presence API. This means that the only way (I could figure out) to login without the user intervention, is to create a cloud user in active directory and use the UsernamePasswordProvider authenticator provider (see here).

When I execute the subscription request with the following piece of code

          private final List<String> scopes = Arrays.asList("https://graph.microsoft.com/.default");

          final UsernamePasswordProvider authProvider = new UsernamePasswordProvider(this.clientId, this.scopes,
              this.username, this.password, NationalCloud.Global, this.tenantId, this.clientSecret);
        
         final IGraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider(authProvider).buildClient();
         graphClient.setServiceRoot("https://graph.microsoft.com/beta");
         Subscription subscription = new Subscription();
         subscription.changeType = this.changeType;
         subscription.notificationUrl = this.publicUrl + "/notification";
         subscription.resource = this.resource;
         subscription.expirationDateTime = Calendar.getInstance();
         subscription.clientState = "secretClientValue";
    
         subscription.expirationDateTime.add(Calendar.HOUR, 1);
    
         if (this.resource.startsWith("teams")) {
             subscription.additionalDataManager().put("includeResourceData", new JsonPrimitive(true));
             subscription.additionalDataManager().put("encryptionCertificate",
                     new JsonPrimitive(GetBase64EncodedCertificate()));
             subscription.additionalDataManager().put("encryptionCertificateId", new JsonPrimitive(this.alias));
             LOGGER.warn("encoded cert");
             LOGGER.info(GetBase64EncodedCertificate());
         }
    
         subscription = graphClient.subscriptions().buildRequest().post(subscription);

I obtain the following error

 [Status Code: Forbidden; Reason: The request is not authorized for this user or application.]

I also granted the Presence.Read and Presence.Read.All delegated permissions to the app.

My questions are:
- is this the correct approach to subscribe to the presence notification in this scenario?
- Why is the request unauthorized, am I missing to grant some permissions somewhere?





office-teams-app-devmicrosoft-graph-teamworkmicrosoft-graph-change-notifications
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SimoneGaiarin-5389 avatar image
1 Vote"
SimoneGaiarin-5389 answered ·

Granting the permissions with Grant admin permission solved the issue and it is now possible to subscribe to the presence webhook. From what I understand, granting the permissions as admin allows avoiding the display of the page where the single user is required to grant the permissions, which cannot work for a daemon app.

I am still wondering if this is the correct authentication approach or if there is a better alternative.

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @SimoneGaiarin-5389,

Yes granting the Admin permission would solve your query.

0 Votes 0 ·
AlexGrnholmHaltianEB-5336 avatar image
0 Votes"
AlexGrnholmHaltianEB-5336 answered ·

I'm also in the need of this functionality from a daemon service. If admin permissions are granted, does it mean the app can access the presence API on behalf of that admin user? Asking since that is what "delegated" permissions are, right?

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.