Sending Teams Message To Any User From A Specific User From PowerAutomate

In this article, we will learn how to send teams message to any user from a specific user(service account) from Power Automate.

Scenario

This is a very specific scenario, but one of my customers wanted to send a teams message to any user from a specific account, they did not want to use the action “Post a Message as a flow bot to a user” because in this case, it displays it as Flow Bot and they wanted to start new conversation 1:1 between this account and user so that conversation can continue in the same context.

Once I explored all the actions available in Power Automate related to Teams message and found that this is not possible using default actions, I knew I had to turn to Graph API.

I found below endpoint that allows us to send messages to the user,

  1. POST /chats/{chat-id}/messages
POST /chats/{chat-id}/messages
 

Reference URL – https://docs.microsoft.com/en-us/graph/api/chat-post-messages?view=graph-rest-1.0&tabs=http

So if we can see in the above endpoint it needs a chat Id as a URL parameter. And also if we look at the above documentation, this endpoint does not support application permission which is fine in my case because I always need to send from a specific account and I will use this specific account authorization.

Below is a screenshot for quick reference of the Permission table.

Sending Teams Message to Any User from a Specific User from PowerAutomate

Now another problem to solve here is how to get a chat id between a specific user and any other users. By manually using teams on web browser using my account I could figure out that chatId is a unique id that is available in URL with any other user. So for every user one: one chat, there is a unique chat id(also known as conversationID) that can be used to send messages.

So I need to find a way to find this chat id with any user(dynamic) from my account, here my learnings from the first option to explore the team’s actions available came in handy. I could figure out that If I use action Create Chat from a specific account and I will get chatId in the reference which we can use to make a 2nd API Call.

If you look at the below action it needs the user’s email address with whom we wanted to initiate chat.

and once you run this or if you add a compose action to see the output of the above action, we can see we get conversationId which is nothing but chatId.

Now let us see how to make an actual Graph API Call. The simplest way to call the Graph API from Power Automate is using Send HTTP Request to Graph endpoint using Azure AD Authentication. But this will not work in our case because this can only be used for Application Permissions and in our case the targeted send message endpoint does not support application permissions.

For this, we would need to create an Azure AD App Registration and provide the necessary permissions. so let us see how to do that.

Create Azure AD APP and Provide necessary Permissions

Go to portal.azure.com, select Azure AD.

Once we are on the below page, select App Registrations from the left side. Select New Registration from the top.

 

On the below page, provide the name of the AD app, select the first option which says to access this API in this tenant only, and click on Register,

Once it is created successfully, we should see the below page. Click on API Permissions and Add a Permission.

At the below options, select Graph API.

In our case, as I said we will be using delegation permission so choose Delegated permission.

Search for text “chat” in the search box and select the below permissions and Click on Add permissions button.

We should see below permission added, We would need to allow Grant admin consent to get token from passive mode as we are supposed to get token from Power Automate.

The next step is to create a client secret which will use later, click on Certificates and secrets from the left blade, Click on New Client Secret.

Provide a description and expiration date based on your preference and click on Add. Once it is added, we can see the secret value like below, we need to make sure to copy it somewhere at this point in time else it would mask later if we move away from this page.

The next step is to get a copy of the client Id, from the left blade, click on Overview, and note the Client Id and Tenant Id as in the below screenshot.

Now we are ready with setup from the Azure AD side to call the Graph API and we have the required information which we will use in Power Automate.

Creating Power Automate

For the sake of simplicity, I will use manually triggered flow but you can do it based on your preference.

The first action was the one which we discussed before is to Create a Chat, enter the targeted user’s email address to whom we need to send a message.

The next step here is to get a user access token, so for this, we will make a POST HTTP Request to the below URL,

  1. https://login.microsoftonline.com/<tenantid>/oauth2/v2.0/token
https://login.microsoftonline.com/<tenantid>/oauth2/v2.0/token
 

Refer to the below screenshot for other configurations.

In header put,

  1. Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
 

In the body put below the URL, please make sure you are encoding secret the values if it contains any special characters.

  1. client_id=<tenantid>&username=sidd@yourdomain.com&password=<enteryourpasswordhere>
  2. &grant_type=password&client_secret@{encodeUriComponent(‘yourclientsecret’)}
  3. &scope=ChatMessage.Send%20Chat.ReadWrite
client_id=<tenantid>&username=sidd@yourdomain.com&password=<enteryourpasswordhere>
&grant_type=password&client_secret@{encodeUriComponent('yourclientsecret')}
&scope=ChatMessage.Send%20Chat.ReadWrite
 

Next, add action Parse JSON to parse the output of the above action to extract access token, and then we can use in next action to pass to actual Graph API endpoint call.

Enter below JSON in the schema,

  1. {
  2. “type”: “object”,
  3. “properties”: {
  4. “token_type”: {
  5. “type”: “string”
  6. },
  7. “scope”: {
  8. “type”: “string”
  9. },
  10. “expires_in”: {
  11. “type”: “integer”
  12. },
  13. “ext_expires_in”: {
  14. “type”: “integer”
  15. },
  16. “access_token”: {
  17. “type”: “string”
  18. },
  19. “refresh_token”: {
  20. “type”: “string”
  21. }
  22. }
  23. }
{
    "type": "object",
    "properties": {
        "token_type": {
            "type": "string"
        },
        "scope": {
            "type": "string"
        },
        "expires_in": {
            "type": "integer"
        },
        "ext_expires_in": {
            "type": "integer"
        },
        "access_token": {
            "type": "string"
        },
        "refresh_token": {
            "type": "string"
        }
    }
}
 

Parse JSON would look like below, Content would be a body object from previous Get Token output.

Now we can use Another HTTP Action to call the actual endpoint.

Enter endpoint as below where conversation id is dynamic.

  1. https://graph.microsoft.com/v1.0/chats/@{outputs(‘Create_a_chat’)?[‘body/id’]}/messages
https://graph.microsoft.com/v1.0/chats/@{outputs('Create_a_chat')?['body/id']}/messages
 

Add Authorization in Headers with access token parameter.

In the request, the body add below JSON,

  1. {
  2. “body”: {
  3. “content”: “Hello Message from Power Automate “
  4. }
  5. }
{
 "body": {
 "content": "Hello Message from Power Automate "
 }
}
 

Please note that you can also send rich HTML messages with images or it can be an adaptive card also.

Save the flow. below is how whole flow would look like,

We have now created flow, to test run flow manually to see if the message is being sent. You should see below output in your teams(from the specific account which we used to get tokens).

Conclusion

In this article, we have explored the below concept.

  • How to send private team chat messages (1:1) to any user from a specific account.
  • Register an Azure AD APP to call Graph API using clientId and Secret.
  • How to get a delegated token from Power Automate using grant type as password bypassing username and password.
  • How to call Graph API from Power Automate using delegated permissions and bearer access tokens.
Share on
Share on facebook
Share on twitter
Share on linkedin
Share on email

3 Responses

Leave a Reply

Your email address will not be published. Required fields are marked *