MS Teams scope



This post describes the background of the Teams bot implementation using the Microsoft Graph API, together with the scope it requests.

Installation & Authentication Process

Step 1:

Install bot from the app store.

Please refer to how to install the bot on MS Teams.

Step 2:

Once the bot is installed, the bot has to be authenticated with your account. This process links your bot with your account. To perform this step, just enter “login” in the bot.

Login Bot

Step 3:

This opens a panel to log in:

Login Panel

Step 4:

Here, we have two ways to authenticate with your account.

  • Use your username and password.
  • Simply click “office 365” to authenticate through OAuth2 (SSO). You can use your Office 365 credentials to log in.

365 Login

Step 5:

Here, you are asked for permission to sign you in and to use your profile information. The exact MS Teams scope name that is requested here is:

email openid profile User.Read

Step 6:

Using this scope, the following are obtained:

  • Email address of the logged in user
  • Tenant id
  • Access & refresh tokens

These will be used to push the message from your cloud application to the bot.

Messaging between & MS Teams

  • Whenever a message needs to be delivered to a user, the access token will be used to post the message to the bot with the Microsoft Graph API. This access token expires periodically; the default is 90 days, but it can be changed by the admin.
  • When the access token expires, we’ll use the refresh token to generate a new access token.
  • The tenant ID is used to identify the account where the data has to be posted.
  • These tokens and the tenant ID will be persisted, to be used in the messaging calls that use the Microsoft Graph APIs to push data to the bot.

Please refer to the doc for further details about the tokens.
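
An added example (not from the original post or the product's code): a Python audit check that a stored access token carries only the scopes listed in Step 5, and that reads the tenant ID and expiry from it. It assumes the token is a JWT with the Microsoft identity platform `scp`, `tid` and `exp` claims; the function names and the sample token are constructed for illustration, and claims are read without signature verification, so the result is for inventory only.

```python
import base64
import json
import time

# Scopes named on this page (Step 5).
EXPECTED_SCOPES = {"email", "openid", "profile", "User.Read"}


def _b64url_decode(segment):
    """Decode a base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(jwt):
    """Return the payload claims of a JWT WITHOUT verifying its signature.

    For audit/inventory only; never authorize on unverified claims.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    return json.loads(_b64url_decode(parts[1]))


def audit_token(jwt, now=None):
    """Report tenant, scope drift and expiry for a stored token."""
    claims = read_claims(jwt)
    granted = set(claims.get("scp", "").split())
    now = time.time() if now is None else now
    return {
        "tenant_id": claims.get("tid"),
        "extra_scopes": sorted(granted - EXPECTED_SCOPES),    # over-privileged
        "missing_scopes": sorted(EXPECTED_SCOPES - granted),
        "expired": claims.get("exp", 0) <= now,               # needs refresh
    }


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + ".sig"


if __name__ == "__main__":
    sample = make_sample_token({
        "tid": "00000000-0000-0000-0000-000000000000",      # constructed
        "scp": "email openid profile User.Read Mail.Read",  # over-scoped sample
        "exp": 1700000000,
    })
    print(audit_token(sample, now=1699999000))
```

A non-empty `extra_scopes` list means the persisted token grants more than the consent screen described above, which is worth reviewing before the token is used for messaging calls.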
