question

PabloGlomby-5415 avatar image
0 Votes"
PabloGlomby-5415 asked Jerryzy commented

Get Teams SharePoint internal URLs but NOT using Graph

Hi!
I have a request. I have a C# desktop application. I cannot use Graph since I cannot force customers to register any application in the Azure server.
I need to know if there is a way to know the SharePoint URL for each Team that a user has.
I know that using graph it would be easier:
I would just call
https://graph.microsoft.com/v1.0/me/joinedTeams
and then
https://graph.microsoft.com/v1.0/groups/"+szTeamId+"/sites/root

But this is a completely different scenario.

I see there is something called "MS Teams native API" that is basically what the Teams.exe local project uses...
Is there anything equivalente to Graph but using this undocumented API?

All I have that may be useful is:
+ I assume that the local Teams application may be installed
+ I have the user name and password that can be used to login to www.office.com
+ I can use CSOM API

I was curious to see if this URL map can be stored in %AppData%\Microsoft\Teams but I did not find it.
Using fiddler to inspect the HTTP traffic of Teams.exe does not provide anything useful.

Thanks



office-teams-app-devoffice-sharepoint-server-developmentmicrosoft-graph-teamwork
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jerryzy avatar image
0 Votes"
Jerryzy answered

Hi @PabloGlomby-5415,

SharePoint CSOM/Rest API can only get the SharePoint site groups.

For the joined Teams and the Group based site url, it's necessary to use Graph API.

And in the Graph API, it's necessary to register a Azure AD App, using only username and password, it's not supported to authenticatio user, here is a similiar question for your reference:

Is there way to authenticate to Graph API using Username and Password without Application Registration in Azure AD

A different point in the request would be using /users/{user-id}/joinedTeams instead of /me as using the app-only permission, /me is not available as it's not a real user.

Here is a code demo about register Azure AD App and connect with C# code, please refer:

How To Access Microsoft Graph API In Console Application

Thanks
Best Regards



If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PabloGlomby-5415 avatar image
0 Votes"
PabloGlomby-5415 answered Jerryzy commented

Thanks Jerryzy-MSFT for your answer.
As I said, as my application may access several tenants and it's really a problem asking each customer to register an application, I really need to avoid registering an application.
I've researched more and I saw that when you have the MS Teams installed (desktop application) the token is stored in a sqlite DB that is in %AppData%\Microsoft\Teams\Cookies.
Here if you rename this file as .db and you browse this using an Sqlite client you will find that there is a cookies table and inside this table there is an SSOAUTHCOOKIE value that contains the authentication token used by the desktop teams application and inside this token (if I analyze it) the client app id is 1fec8e78-bce4-4aaf-ab1b-5451cc387264 that is "Microsoft Teams" enterprise application in the Azure server. The token has: "scp": "user_impersonation" . I tried to use this client app id with ADAL to see if I can get the graph token but I could not.
Can I use this token to get a graph token in any way?

This local desktop Teams program uses the "MS Teams native API":
https://digitalworkplace365.wordpress.com/2021/01/04/using-the-ms-teams-native-api-end-points/#more-330

I wonder why MS does not document it... there is really a Teams API.

Thanks

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MS Teams Native API end-points haven't realease by Microsoft official, so this should not be used currently.

And the token is for Teams not related with Graph API, as explained above Graph API use OAuth 2.0 bearer token and necessary to work with Client Id/Secret.

Now if you have several Tenants, don't worry, just need to create a single AAD Application for a single tenant, this just cost few minutes, then you will be able to get Graph token and get the Group based site url with Graph API.

Get access without a user


0 Votes 0 ·

Thanks for your answer. In fact I have several tenants because I have several different customers... I mean, imagine that for example I have a lot of customers and they don't want to install anything in their servers.
Can I configure the application in MY tenant (I am the third party software developer) and would this avoid different customers (not linked each other) to use an application registered in my tenant?
I not only use Graph but I also use CSOM and Sharepoint REST API so the application will need more permissions. The permissions are delegated permissions, it's not a client-id with secret-id, but each user uses ADAL or MSAL to get the refresh and access token.

Thanks again

0 Votes 0 ·

Hi @PabloGlomby-5415 ,

"Can I configure the application in My Tenant and would this avoid different customers(not linked each other) to use an application registered in my tenant ?"

No, this is not supported, as the application permission is based on the specific Tenant, they can't to be common use due to the security reason.

I suggest you can explain this point to your customer, just need to register one application in each Tenant and can be repeat using in the solution.

0 Votes 0 ·