Description
When using the teams users app add command, we are getting a 403.
Steps to reproduce
m365 teams user app add --appId $app.id --userId $currentUser.id --verbose --debug
Expected result
I would expect a 200 if the app is not already installed.
Actual result
Getting a 403 Forbidden. When looking at the JWT used we find the following scoped : AllSites.FullControl AppCatalog.ReadWrite.All Directory.AccessAsUser.All Directory.ReadWrite.All Group.ReadWrite.All IdentityProvider.ReadWrite.All Mail.ReadWrite Mail.Send Reports.Read.All Tasks.ReadWrite TermStore.ReadWrite.All User.Invite.All User.Read.All
To support adding an app as a user personal app, the required permissions are the following
| Permission type |
Permissions (from least to most privileged) |
| Delegated (work or school account) |
TeamsAppInstallation.ReadWriteForUser |
| Delegated (personal Microsoft account) |
Not supported. |
| Application |
TeamsAppInstallation.ReadWriteForUser.All |
Therefore, the PnP Management Shell should require these permissions, or we should be able to elevate our permissions with the consent command, maybe?
Environment
3.1.0 on Windows
Description
When using the teams users app add command, we are getting a 403.
Steps to reproduce
m365 teams user app add --appId $app.id --userId $currentUser.id --verbose --debug
Expected result
I would expect a 200 if the app is not already installed.
Actual result
Getting a 403 Forbidden. When looking at the JWT used we find the following scoped :
AllSites.FullControl AppCatalog.ReadWrite.All Directory.AccessAsUser.All Directory.ReadWrite.All Group.ReadWrite.All IdentityProvider.ReadWrite.All Mail.ReadWrite Mail.Send Reports.Read.All Tasks.ReadWrite TermStore.ReadWrite.All User.Invite.All User.Read.AllTo support adding an app as a user personal app, the required permissions are the following
Therefore, the PnP Management Shell should require these permissions, or we should be able to elevate our permissions with the consent command, maybe?
Environment
3.1.0 on Windows