FME Version
Introduction
This article will show you how to configure the Microsoft Teams (Graph) web service, available on FME Hub.
The purpose of the Microsoft Teams (Graph) web service is to allow users to authenticate with the Microsoft Graph API in order to interact with Microsoft Teams from FME, using the MicrosoftTeamsConnector transformer.
Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources, like Microsoft Teams.
To interact with the web API, an auth token is required. Instead of repeatedly (manually) obtaining that auth token, or cluttering up a workspace with a string of HTTPCallers to do the auth flow, an FME web service and web connection can be used.
For more information, please read this article: Web Connections and FME
Prerequisites
Creating a web service requires some understanding of authorization and authentication, so it is recommended to review the Microsoft documentation: Authentication and authorization basics for Microsoft Graph.
Many of the steps in this tutorial will refer to Microsoft documentation.
Please note that setting up web services, web connections and custom ‘connector’ transformers relies heavily on external (to FME) documentation and services. Any content linked or screenshots are subject to change.
It is recommend to have both FME and Azure Portal open at the same time to copy information between the two.
Step-by-Step Instructions
1. Register your application with the Microsoft identity platform
In order to get a token, the application must first be registered with the Microsoft identity platform, which is done through the Azure Portal.
Registering your application integrates it with the identity platform and will provide the information needed to get tokens, such as:
- Application (Client) ID
- Redirect URI
- Application (Client) Secret
- Tenant
All of these are requirements in FME to set up a web service:
Follow these instructions to register your application: Register an application with the Microsoft identity platform
For the platform and redirect uri configuration, leave it set to Web and you can use http://localhost.
If your web connection will be on FME Server, you may need to add an additional redirect uri of http(s)://<YourFMEServerHostname>/fmeoauth
You can enter additional URIs on the Authentication blade in the Azure Portal.
The Application (client) ID can be found on the Overview page of the App Registration:
2. Edit the Microsoft Teams (Graph) web service in FME
In FME, you will need to create a new web service. To access the below dialog window, open FME Options > Web Connections > Manage Web Services > Microsoft Teams (Graph)
You will need to enter in the Application (client) ID and redirect URI obtained in step 1.
3. Configure application permissions
In Azure Portal you will need to configure the permissions that the application will need.
If you’re unsure what permissions to give, you can use the Microsoft permissions reference or the Microsoft Graph REST API
v1.0 reference.
For the MicrosoftTeamsConnector, you will need the below permissions:
Microsoft Graph:
Channel.ReadBasic.All
ChannelMessage.Send
Directory.Read.All
Group.Read.All
User.Read
These are obtained from the following API calls in the MicrosoftTeamsConnector:
List joinedTeams
List channels
Create chatMessage in a channel
Get filesFolder
List children of a driveItemAccess a group team site
You will need to grant admin consent for your organization:
4. Obtain Client Secret
Within your app registration in Azure Portal, select Certificates & secrets. Under Client secrets, click New client secret to create a new secret. You can configure a description and expiration interval. You must copy the value of the new secret at this point as the full value of the client secret is only displayed to you once. Ensure that you’re copying the secret value, and not the ID.
Copy this client secret to the Microsoft Teams (Graph) web service definition in FME.
For Microsoft's examples of how to do this, see here or here.
5. Configure the tenant
FME will request permission by making an authorization request. FME needs to know what the authorization endpoint is and that includes the tenant.
To find your tenant read this page: Microsoft identity platform endpoints
The tenant value will depend on the accounts you chose to support when registering the application. If your application is single-tenant, your tenant value will be your tenant ID. If your application is multi-tenant your tenant value will be common.
If you’re unsure, you can check in the Azure Portal, either on the Authentication blade:
or by clicking on Endpoints on the overview page:
Copy these endpoints into your web service definition in FME:
6. Test the web service
Now that the web service is configured in FME, click Apply and then Test.
You should be prompted to sign into your Microsoft account.
If it is successful you can go on to create a Microsoft Teams web connection.
If it fails, the error message should provide insight into why.
Comments
0 comments
Please sign in to leave a comment.