I need a bit of help or direction with a MS Teams chatbot that I am trying to make with Python.
Anyway, here are a couple of facts: I've gained an API app registered with the admin of my company, and I received a MS Teams user that will interact with a group chat that we have in MS Teams (not a Teams group conversation but just a normal group chat). I have the tenant ID, I have the client ID and the secret key, and the app has the chat.read and chat.readwrite permissions for MS Graph. The user that can use this API app registered through Azure has access to it and the user has an MFA flow. The user is not a built-in bot, but an actual MS Teams username and password type of user that will interact with employees.
Now, I'm having some big difficulties (probably just with my understanding of how the whole Azure API access thing works) with how to get the correct access token to be able to read the user's group chat and interact with it. Below is my code so far and I get a reply that:
{
'error': 'invalid_grant',
'error_description': "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access
I've tried a solution that opens a web browser into which I enter the user and pass of the bot, and after I do so and enter the SMS code key it just replies that I provided the wrong redirect URI. I checked in the Azure portal and I have no Redirect URIs; I do however have an Application ID URI.
Any ideas or guidance would be greatly appreciated. If I neglected to provide more information, let me know.
import requests
import msal
client_id = ''
client_secret = ''
tenant_id = ''
authority = f"https://login.microsoftonline.com/{tenant_id}"
scopes = ['https://graph.microsoft.com/.default']
app = msal.ConfidentialClientApplication(client_id, client_credential=client_secret, authority=authority)
username = ''
password = ''
result = app.acquire_token_by_username_password(username, password, scopes=scopes)
access_token = result['access_token']
Instead of
{'error': 'invalid_grant', 'error_description': "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access
I would need to get an access token for the user so I can read its MS Teams chat.
I tried to reproduce the same in my environment and got below results:
I registered one Azure AD application and granted API permissions same as you like below:
I have one MFA-enabled user named Sri like below:
When I ran below code to get access token, I got same error as you like this:
Response:
In these scenarios, you need to use interactive flows where user sign in is required, by modifying your code as below:
In your case, make sure to add redirect URI as http://localhost in your application like below:
Now, I ran above code that opened new tab in browser to pick an account for signing in like this:
When I selected MFA-enabled user named Sri from list, it asked to verify identity like below:
After entering OTP, I got below screen with Authentication completed message like this:
When I checked the output, I got access token successfully like below:
To confirm that, I decoded the above token in jwt.ms website that has scp claims as below:
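The interactive sign-in the answer describes, as an added example (not the answer author's code, which is not preserved on this page). It assumes `http://localhost` is registered for the app as a Mobile and desktop redirect URI; `build_app`, `save_cache`, `get_user_token` and the cache path are hypothetical names, and no password or client secret is used.

```python
import os

SCOPES = ["Chat.Read", "Chat.ReadWrite"]  # delegated permissions named in the question
CACHE_PATH = "token_cache.json"  # hypothetical path; the file holds refresh tokens


def build_app(client_id, tenant_id, cache_path=CACHE_PATH):
    """Public client (no secret, no stored password) with an on-disk token cache."""
    import msal  # imported here so get_user_token() can be exercised without MSAL

    cache = msal.SerializableTokenCache()
    if os.path.exists(cache_path):
        with open(cache_path) as fh:
            cache.deserialize(fh.read())
    app = msal.PublicClientApplication(
        client_id,
        authority=f"https://login.microsoftonline.com/{tenant_id}",
        token_cache=cache,
    )
    return app, cache


def save_cache(cache, cache_path=CACHE_PATH):
    """Write the cache back with owner-only permissions if it changed."""
    if cache.has_state_changed:
        fd = os.open(cache_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(cache.serialize())


def get_user_token(app, scopes=SCOPES):
    """Use the cached account if there is one; otherwise sign in through the browser."""
    result = None
    accounts = app.get_accounts()
    if accounts:
        result = app.acquire_token_silent(scopes, account=accounts[0])
    if not result:
        # Opens the system browser and listens on http://localhost; MFA happens there.
        result = app.acquire_token_interactive(scopes=scopes)
    if "access_token" not in result:
        # Surface the AADSTS error instead of failing later with a KeyError.
        raise RuntimeError(f"{result.get('error')}: {result.get('error_description')}")
    return result["access_token"]


if __name__ == "__main__":
    app, cache = build_app(client_id="<client-id>", tenant_id="<tenant-id>")
    token = get_user_token(app)
    save_cache(cache)
    print("token acquired, length", len(token))
```

After the first browser sign-in, later runs take the silent path from the cache, so the MFA prompt is not repeated until the refresh token expires or is revoked.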