Microsoft-graph-docs: Permissions for Teams Installed Apps

Created on 8 Feb 2019 · 4 Comments · Source: microsoftgraph/microsoft-graph-docs

Hello, I am trying to view installed apps on all Teams. I have picked a random Team and can successfully do a GET on https://graph.microsoft.com/v1.0/teams/[teamid] with successful results, on any team. However, when attempting to do https://graph.microsoft.com/v1.0/teams/[teamid]/installedApps?$expand=teamsAppDefinition on the same team, I get the following:

```json
{
  "error": {
    "code": "AccessDenied",
    "message": "Unable to fetch team thread, exception:Failed to execute Skype backend request GetThreadRequest.",
    "innerError": {
      "request-id": "redacted",
      "date": "redacted"
    }
  }
}
```

The application used to access Graph has the permissions outlined as required on this page: Group.Read.All

Of note, the error does not occur when the user signed in to the application during the OAuth flow is in the Teams group that is being queried. As a result, it seems that the delegated permissions outlined in this document don't allow the application to view all applications.



All 4 comments

Unlike GET /team/{id}, /teams/[teamid]/installedApps doesn't give special privileges to admins – they need to be part of the team if they want to access the installedApps.

I'm getting these errors intermittently across Teams after granting a new account member permissions and adding the required licenses. I think it's got to do with replication and if that's the case, that's fine. Just maybe this can be documented for future reference :)

This is not specific to getting a list of teams apps. Here's what I've done:

  1. Granted an Azure AD account member permissions across all teams in the tenant with a script
  2. Assigned MS Teams and Planner licensing plans
  3. Waited 20 hours for replication
  4. Performed a scan of all Teams using Graph API (channels, team apps, planner, team, etc)
  5. Getting random HTTP 403 errors.
  6. Loaded MS Teams app.
  7. Performed another scan of all Teams using the Graph API
  8. Not as many 403 errors, but still getting them.

HTTP /beta/teams/guid/installedApps?$expand=teamsAppDefinition

```json
{
  "error": {
    "code": "AccessDenied",
    "message": "Unable to fetch team thread, exception:Failed to execute Skype backend request GetThreadRequest.",
    "innerError": {
      "request-id": "dd576c77-3124-4294-8513-25e614cb36b6",
      "date": "2019-03-17T04:36:10"
    }
  }
}
```

HTTP /beta/teams/guid/channels

```json
{
  "error": {
    "code": "AccessDenied",
    "message": "Failed to execute Skype backend request GetThreadRequest.",
    "innerError": {
      "request-id": "38ab4a29-059e-4541-a4fa-02dac3c1c101",
      "date": "2019-03-17T04:45:57"
    }
  }
}
```
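A triage helper for the repeated scan described in the comment above, added here as an example (it is not code from the thread or from Microsoft): it separates team endpoints that return the `GetThreadRequest` AccessDenied on every pass from those that return it only on some passes, and keeps the request-ids. The tuple layout, verdict names, team ids and request-ids are assumptions constructed for the example.

```python
import json
from collections import defaultdict

BACKEND_MARKER = "GetThreadRequest"  # substring common to both errors quoted in the thread

def parse_graph_error(body):
    """Return (code, message, request_id) from a Graph error body, or None."""
    try:
        err = json.loads(body)["error"]
        inner = err.get("innerError") or {}
        return err.get("code"), err.get("message") or "", inner.get("request-id")
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def triage(results):
    """results: (pass_no, team, endpoint, status, body) -> {(team, endpoint): (verdict, ids)}."""
    seen = defaultdict(lambda: {"passes": 0, "denied": 0, "other": 0, "ids": []})
    for _pass_no, team, endpoint, status, body in results:
        entry = seen[(team, endpoint)]
        entry["passes"] += 1
        if status < 400:
            continue
        err = parse_graph_error(body)
        if status == 403 and err and err[0] == "AccessDenied" and BACKEND_MARKER in err[1]:
            entry["denied"] += 1
            entry["ids"] += [err[2]] if err[2] else []
        else:
            entry["other"] += 1  # any other failure is reported separately
    report = {}
    for key, e in seen.items():
        verdict = ("other-error" if e["other"] else "ok" if not e["denied"]
                   else "denied-every-pass" if e["denied"] == e["passes"] else "intermittent")
        report[key] = (verdict, e["ids"])
    return report

def _denied(message, request_id):  # builds a constructed AccessDenied body
    return json.dumps({"error": {"code": "AccessDenied", "message": message, "innerError": {"request-id": request_id}}})

THREAD_MSG = "Failed to execute Skype backend request GetThreadRequest."
SAMPLE_SCAN = [  # constructed two-pass scan; team ids and request-ids are placeholders
    (1, "team-a", "installedApps", 403, _denied("Unable to fetch team thread, exception:" + THREAD_MSG, "req-0001")),
    (2, "team-a", "installedApps", 403, _denied("Unable to fetch team thread, exception:" + THREAD_MSG, "req-0002")),
    (1, "team-b", "channels", 403, _denied(THREAD_MSG, "req-0003")),
    (2, "team-b", "channels", 200, '{"value": []}'),
    (1, "team-c", "installedApps", 200, '{"value": []}'),
    (1, "team-d", "channels", 401, '{"error": {"code": "InvalidAuthenticationToken", "message": "constructed"}}'),
]
if __name__ == "__main__":
    print(triage(SAMPLE_SCAN))
```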

@nkramer - Is there a roadmap plan to allow admins access to items like installed apps on all teams without being a member of each team?

It's a reasonable request but it's not currently planned.
