question

HariPrasath-2893 avatar image
0 Votes"
HariPrasath-2893 asked HariPrasath-2893 commented

List teamsApp - GET /appCatalogs/teamsApps - 403 Forbidden error

Related threads: 1, 2

I am working to get a bot installed proactively for the users in my tenant and in other tenants as well. The proactive installation should happen to every single chosen user starting from the first.
(Currently, I have not published the bot to Teams App Store and either creating new bots for other tenants or publishing the same bot package in other tenants.
But in the context of this issue, the method of publish can probably be ignored as the issue is prevailing in any case because of the lack of support for application permissions for that API.)

As in documentation the first suggested method to get the teamsAppId is using the GET /appCatalogs/teamsApps API.
The second and third methods doesn't sound rational (for my requirement) as,
1. they require the bot to have installed already for a user and that should have happened manually, i.e, at least one user should add the bot from store to his/her personal scope for the second method in the documentation to work.
2. I am not supporting groups, channels or teams conversations and supporting only personal scope installation.

I am using client credentials flow as the entire process is being governed by a service runner and of course the installation is done for other users as mentioned and guided in the documentation,

So, is there a way to consume the api without user intervention using client credentials flow?

The only other workaround I have is to orchestrate a behavior in which I should use Authorization code grant flow or implicit flow as soon as I get the admin consent for application permissions as a separate process so that I can get a token with delegated scopes on behalf of the same user (the admin) and then can use that token to get the list teamsApp api. This method of using the token issued for a individual user to consume an api i.e, consuming an api as an individual user that gives details of the appCatalog which is the tenant's resource and not specific to that individual user doesn't seem to be logically correct. (This also takes a lot of explanations to make to the clients about the additional process.)

Also, will really appreciate if some light can be shed on the reason why application permissions are not supported for this API as it seems to be the most logical way of doing the proactive installation.

office-teams-app-devmicrosoft-graph-teamwork
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@HariPrasath-2893 - Could you please confirm if your issue has been resolved?

0 Votes 0 ·

@Meghana-MSFT - The behavior I want, as @ZehuiYaoMSFT-7151 confirmed is not possible unless the api supports application permissions.
And so the issue obviously still persists and I am using the work arounds. But we can consider this query as resolved.

1 Vote 1 ·

I have submitted a feature request to support application permissions for the Get /appCatalogs/teamsApps api or a way to read the teamsAppId with client authorization. (link to the feature request post.)


0 Votes 0 ·

1 Answer

ZehuiYaoMSFT-7151 avatar image
1 Vote"
ZehuiYaoMSFT-7151 answered ZehuiYaoMSFT-7151 edited

Hello, @HariPrasath-2893 , currently, application permission do not support calling /TeamsApps , you can submit a feature requests in the user voice


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.