FAQ
Is this a Teams bot?
No. The current CLI is a Microsoft Graph command-line tool. Future unattended posting should use Teams bot mode.
Can agents send messages?
Yes, with delegated auth. Messages appear as the signed-in user.
Can client credentials post normal messages?
No. Client credentials are not the normal live Teams message posting model.
Where are tokens stored?
In the OS keyring. Config files store identifiers and preferences, not tokens.
Can we import a Teams token from fossteams?
No. fossteams/teams-token captures tokens for Teams-specific resources, not Microsoft Graph. OSO MS Teams CLI calls Graph, so TEAMS_CLI_ACCESS_TOKEN must contain a Microsoft Graph access token. Captured Teams client tokens fail with Invalid audience.
The reason people reach for token capture tools is usually setup friction: app registration, consent, admin approval, or confusing auth errors. The supported answer is delegated Graph login through the OSO public client app, BYO Entra app mode for controlled tenants, and clearer auth diagnostics.
Does OSO get access to our tenant when we consent?
No. Consent lets the OSO public client app request delegated Microsoft Graph tokens when a user signs in. For CLI-only use, tokens stay on the machine or runner where the CLI runs, and Graph calls go directly from that process to Microsoft Graph.
Why does the CLI need admin consent?
Some Teams and Graph permissions are broad enough that Microsoft requires admin approval, or the tenant policy may require admin approval for all third-party apps. Review Security and Consent and Permissions Matrix before approving.
Can we use our own Entra app?
Yes. Use BYO app mode when your tenant requires internal ownership, verified internal branding, narrower scopes, or a stricter consent lifecycle.
teams auth login --device-code --client-id <customer-client-id> --tenant-id <tenant-id>
How do we revoke access?
Users can run teams auth logout --all to remove local tokens. Tenant admins should also revoke permissions, disable, or delete the OSO Teams CLI enterprise application in Microsoft Entra.
What should agents parse?
Use --output json, branch on exit code, then parse the JSON envelope.