---
title: "Example: OAuth Configuration for Microsoft Teams"
slug: "example-oauth-configuration-for-microsoft-teams"
updated: 2026-06-05T20:53:42Z
published: 2026-06-05T20:53:42Z
canonical: "docs.algosolutions.com/example-oauth-configuration-for-microsoft-teams"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.algosolutions.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Example: OAuth Configuration for Microsoft Teams

This guide explains how to:

- Integrate an Algo device with Microsoft Teams using OAuth
- Verify the configuration by sending a test message to a Teams channel
- Use the OAuth profile to send a test message to a Teams channel from an Algo 8450

> [!NOTE]
> Note
> 
> This document includes third-party configuration procedures that are subject to change. It is provided for reference purposes only, and Algo cannot guarantee that the screenshots or procedures will always be current or up to date.

### **Before you start**

Ensure you have the following:

- A Microsoft Teams account
- A Teams channel where messages will be posted

### Procedure Overview

This procedure includes the following steps:

1. [Creating a Microsoft Entra App](/docs/example-oauth-configuration-for-microsoft-teams#creating-a-microsoft-entra-app)
2. [Creating OAuth Authorization Profile](/docs/example-oauth-configuration-for-microsoft-teams#creating-oauth-authorization-profile)
3. [Finding Your Teams ID and Channel ID](/docs/example-oauth-configuration-for-microsoft-teams#finding-your-teams-id-and-channel-id)
4. [Testing "HELLO" Message to Channel](/docs/example-oauth-configuration-for-microsoft-teams#testing-hello-message-to-channel)
5. (Optional): [Configuring an 8450 Button to Send Message to a Teams Channel](/docs/example-oauth-configuration-for-microsoft-teams#configuring-an-8450-button-to-send-message-to-a-teams-channel)

---

### Creating a Microsoft Entra App

Create a Microsoft Entra application and obtain the required credentials for OAuth.

1. Sign in to the [**Microsoft Entra admin center**](https://entra.microsoft.com/auth/login/).
2. Go to **App registrations**and select **+ New registration**.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/image(832) (1).png)
3. Configure the application details:

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/Screenshot 2026-04-06 110427 (1).png)
  - **Name**: Enter a name for your application. For example, *Algo Device Notifier.*
  - **Supported account types**: Choose the option that fits your deployment.
  - Enter the redirect URI: Select **Web**and enter your device’s callback URL using this format: [https://<ALGO_DEVICE_IP>/control/oauth-callback.lua.](https://&lt;8450-device-ip&gt;/control/oauth-callback.lua.)

> [!NOTE]
> Note
> 
> - The redirect URI must use HTTPS.
> - The redirect URI must match exactly in both Webex and your Algo device's configuration.
4. Select **Register**.
5. After registration, copy these values from the application’s **Overview** page:
  - **Application (client) ID**
  - **Directory (tenant) ID**

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/image(808) (1).png)

You need this information to configure OAuth later.
6. Select **Certificates & secrets**→**+ New client secret.**

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/image(809) (1).png)
7. Enter the client secret details, then select **Add**.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/image(810).png)
  - **Description**: Enter a description.
  - **Expires**: Select an expiration option.
8. Copy the secret**Value** and save it securely. You will need it when creating the OAuth authorization profile later.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/Screenshot 2026-04-06 112826 (1) (1) (1) (1) (1).png)
9. Go to **API permissions** →**Add a permission**.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/image(811) (1).png)
10. Select**Microsoft Graph**.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/Screenshot 2026-04-06 113637 (1).png)
11. ****Select **Delegated permissions**.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/Screenshot 2026-04-06 113813 (1).png)
12. Type to search and add each of the following permissions, then select **Add Permissions**.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/Screenshot 2026-04-06 115211 (1).png)
  - `openid` : Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.
  - `profile` : Allows the app to see your users' basic profile.
  - `offline_access` : Allows the app to see and update the data you gave it access to, even when users are not currently using the app.
  - `User.Read` : Allows users to sign-in to the app, and allows the app to read the profile of signed-in users.
  - `ChannelMessage.Send` : Allows users to post messages to a channel.

### Creating OAuth Authorization Profile

Create an OAuth profile to store your Teams authentication settings.

Ensure you have the following:

- **Directory (tenant) ID**
- **Application (client) ID**
- **Client Secret**

**To create Teams OAuth Profile:**

1. Log in to your device’s web interface using HTTPS.

HTTPS is required by Teams OAuth process.
2. Go to the **Advanced Settings** → **OAuth**.
3. Set a **Name**for your OAuth profile.
4. Select **MICROSOFT_TEAMS**as the **Provider Type**.
5. Accept the following automatically populated values:
  - **Grant Type**: AUTH_CODE_PKCE
  - **Client Auth Mode**: CLIENT_SECRET_POST
  - **Scope Mode**: SCOPES_LIST
  - **Scope**: `openid profile offline_access User.Read ChannelMessage.Send`
  - **PKCE Method**: S256
  - **Response Type**: code
6. Configure the following:
  - **Client ID**: Enter your **Application (client) ID**.
  - **Client Secret**: Enter your **Client Secret**.
  - **Token URL**: Replace the [{tenant}](https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token) with your **Directory (tenant) ID**in this URL: [https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token](https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token)
  - **Auth URL**: Replace the [{tenant}](https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token) with your **Directory (tenant) ID**in this URL: [https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize](https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize)
  - **PKCE Redirect URI**: Set to `https://&lt;ALGO_DEVICE_IP&gt;/control/oauth-callback.lua`

> [!NOTE]
> Note
> 
> You must use HTTPS in the URI.
> 
> Replace <ALGO_DEVICE_IP> with your device IP.
7. Leave the following fields blank. These values are automatically populated during authorization.
  - **PKCE Authorization Code**
  - **PKCE Code Verifier**
  - **PKCE Refresh Token**

> [!NOTE]
> Note
> 
> Refresh tokens can expire or become invalid for several reasons, such as revoked app access, password changes, unused tokens, or admin policy restrictions. Refer to the OAuth provider’s documentation for more information. If a refresh token expires or becomes invalid, your automation stops working until OAuth access is reauthorized.
8. Set **Extra Params (JSON)**as below:

```plaintext
{
  "prompt": "select_account",
  "jwks_uri": "https://login.microsoftonline.com/{tenent}/discovery/v2.0/keys",
  "resource_hint": "graph",
  "tenant": "organizations"
}
```

Replace the [{tenant}](https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token) with your **Directory (tenant) ID**.
9. Select **START AUTHORIZATION**.
10. Select your Teams account.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/Screenshot 2026-04-06 133246 (1).png)
11. Select **Create Profile**.****

Your profile appears under the **OAuth Profiles** list.

### Finding Your Teams ID and Channel ID

You must specify a Teams ID and Channel ID to send messages.

**To find Your Teams ID and Channel ID:**

1. Open **Microsoft Teams**.
2. Go to your **Teams**→**Channels**.
3. Select the **More •••**icon next to the channel name.
4. Select **Copy link**.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/Screenshot 2026-04-06 134205 (1).png)

You’ll get a URL like: [https://teams.microsoft.com/l/channel/19%3Aabc123def4567890%40thread.tacv2/General?groupId=11111111-2222-3333-4444-555555555555&tenantId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee](https://teams.microsoft.com/l/channel/19%3Aabc123def4567890%40thread.tacv2/General?groupId=11111111-2222-3333-4444-555555555555&amp;tenantId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee)
5. Extract****the **Teams ID** from the URL:
  - The Teams ID is the string between `groupId` and `&amp;tenantId`.

In the above URL, it’s `11111111-2222-3333-4444-555555555555`.
6. Decode the **Channel ID** from the URL:
  1. Extract the string between `channel/` and `/General` .

In the above URL, the string is: `19%3Aabc123def4567890%40thread.tacv2`
  2. In the string, replace `%3A` with `:` and `%40` with `@` .

In the above string, the Channel ID is: `19:abc123def4567890@thread.tacv2`

### Testing "HELLO" Message to Channel

You can test sending messages to the Teams channel.

Ensure you have the following:

- **Teams ID**
- **Channel ID**

**To test sending messages to a Teams Channel:**

1. Log in to your device’s web interface using HTTPS.

HTTPS is required by Teams OAuth process.
2. Go to the **Advanced Settings** → **OAuth**.
3. Select your **MICROSOFT_TEAMS**profile from the **Test OAuth Profile** dropdown list.
4. Select **MICROSOFT_TEAMS**as the **Provider Type Template.**
5. Enter **Target URL and Path** by entering the **Teams ID** and **Channel ID** in this URL:

[https://graph.microsoft.com/v1.0/teams/<teams-id>/channels/<channel-id>/messages](https://graph.microsoft.com/v1.0/teams/&lt;team-id&gt;/channels/&lt;channel-id&gt;/messages)
6. In the **Data Payload**, enter your **Channel ID.**

```plaintext
{
  "body": {
    "content": "HELLO!"
  }
}
```
7. Select **RUN OAuth Test**.

Upon success:
  - The message is posted to the Teams channel.

  

A successful response is displayed.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/image(842).png)

### Configuring an 8450 Button to Send Message to a Teams Channel

You can configure a button on the Algo 8450 to send messages to a Teams channel using an existing OAuth profile.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/image(838).png)

**To configure a 8450 button to send messages to a Teams Channel:**

1. Create a button on a 8450 screen.
2. Set the **Button Status** to **Enabled.**
3. Configure the following:
  - **Text**: Enter the button display text.
  - **Action**: Set to **Send API Request**.
  - **Number of API Requests**: Set to **1**.
  - **Request 1 - Command**: Set to **Other**.
  - **Request 1 - Method**: Set to **POST**.
  - **Request 1 - Custom Path**: Set to `v1.0/teams/{teams-id}/channels/{channel-id}/messages`.

Fill in your **Teams ID** and **Channel ID** in this URL.
  - **Request 1 - Targets**: Set to `graph.microsoft.com`.
  - **Request 1 - OAuth Profile**: Select your Teams profile.
  - **Request 1 - Headers**: Set to **Custom Headers**.
  - **Request 1 - Custom Headers**: Set to `Content-Type: application/json; charset=utf-8`.
  - **Request 1 - Data Payload**: You can use the default payload.

```plaintext
{
  "body": {
    "content": "HELLO"
  }
}
```
4. **Select Save.**

Press the button and verify that the message is posted to the Teams channel.

### Troubleshooting

**I got a 502 error when I run the OAuth Test**

You may be logged out of your Algo device’s web interface. Log in again and retry.

**Why can’t I send messages to private channels?**

Your user account must be invited to private channels first.

**After I run the “Start Authorization” again, my OAuth Test fails**

Each time you run **Start Authorization** again, select **Update Profile** to save the new credentials before running the test.

![](https://cdn.document360.io/f6f5e62d-d280-487f-9da7-5926ffd53b5f/Images/Documentation/Screenshot 2026-04-06 151132 (1).png)

**My OAuth profile stops working.**

An OAuth profile can stop working if the OAuth provider rejects or invalidates the access or refresh token. Refer to the OAuth provider’s documentation for more information. If this occurs, the OAuth profile must be reauthorized.