MS Teams - Failed to get channel id by name: Request failed with status code 403

Request body:
{
  "message": {
    "to": {
      "ms_teams": {
        "team_id": <team_id>,
        "channel_name": "Tests",
        "tenant_id": <tenant_id>
      }
    },
    "template": <template_id>,
    "data": {
      // my data
    },
    "providers": {
      "msteams": {
        "override": {
          "config": {
            "appId": <ms_teams_app_id>,
            "appPassword": <ms_teams_app_password>
          }
        }
      }
    }
  }
}

Response:
{
  "channel": {
    "id": "ab5806cb-38c4-4e96-9bb6-33f94aa5d22a",
    "taxonomy": "direct_message:msteams",
    "label": ""
  },
  "configuration": "c9fa1f80-3029-476e-bf7c-b3724965e8da",
  "provider": "msteams",
  "willRetry": false,
  "errorMessage": "Failed to get channel id by name: Request failed with status code 403"
}

After Oauth flow, I confirmed my MS team app has these permissions

• ChannelSettings.Read.All
• TeamSettings.Read.All
• User.Read.All

Any thoughs?

Hi there! This error can happen if the bot does not have either the required permissions, OR the admin consent on the three assigned permissions in the Azure app config (see screenshot below). The exact root cause in your environment may be slightly different, but this example should highlight that without these permissions, the bot cannot determine which channel corresponds to the one whose name is specified in the Courier send config.

image2672×1304 356 KB

Hi @jon, thank you for your reply.

I confirmed the application has both the required permissions and admin consent on the three assigned permissions in the Azure app config (see screenshot below).

image1361×641 43.7 KB

This is the MS Teams app, not the bot.
We ask the customers to connect MS Teams to retrieve access tokens via Oauth2.
Once we get access tokens, we can retrieve the MS team ID and channels.
To integrate MS teams on Courier, does the app need to be the bot?

Thank you in advance.