I am tenant admin in my companies tenant and I can confirm, that the Subscription.ReadWrite.All permission does not exist for us in the Graph API permissions section.
Subscriptions.Read.All does exist under delegate permissions.
Thanks @SMS-T1, but if that permission doesn’t exist, what’s the problem? Are there any other permissions missing?
Actually, I’m not sure if the problem is with Azure or n8n.
I’m facing the exact same issue as you. I tried creating a flow that disables and re-enables the workflow periodically — just to check if it could help with some kind of Graph API re-indexing or webhook refresh behind the scenes.
Unfortunately, that didn’t solve it either. The trigger still works only occasionally and then stops listening to new messages, even though permissions and everything else seem to be correctly set.
I had same problem, but I think that the problem was, that my n8n was not publicly reachable. Once I setup public IP for my n8n, the trigger started working even without this permission that is missing in the Azure tenant.
Same here. Trigger works for a few days then stops. There are no error logs. I have app registered in azure with all credentials (please note that trigger does work at the beginning, but after couple days it stops). I also registered weebhook url on teams team. Still The same.
When you add teams trigger and setup everything try:
this will show you active subsriptions (this is something that teams use to notify n8n about new message). You should be able to see your subscription somewhere on that list.
But if you dig bit more there will be also something like:
expirationDateTime
and this is why our nodes work and after a while stops. Because our subcriptions expires. I am not sure if it is possible to refresh if somehow. But maybe this will enough hint for someone else to help all of us with that.
Maybe it is strictly related with those mentioned permission. I also saw that
creatorId
is pointing on my user ID instead of n8n app.
Can anyone with this issue tell me whether you are using an IP address or a domain name for hosting your n8n instance or as your webhook URL? I am awaiting a domain name to test, but I have a theory that Microsoft Graph API won’t send the webhook data to an IP address. ChatGPT and Grok are both telling me that Microsoft Graph requires a domain with a TLS cert tied to a trusted CA. I am using a trusted cert, but to an IP address. I should be able to test next week, but I am curious if anyone else who is having this issue is using an IP and/or an untrusted TLS cert.
My investigation showed that the subscription ends after 3 days and Microsoft is unable to refresh it. I’m not sure why. I created another workflow to manually refresh the subscription, and it’s working like a charm. I’ll test it for a few more days, and if I don’t encounter any issues, I’ll let you know how to set it up.
Hello All,
It turned out that n8n does not refresh subscriptions that expire after 3-4 days. So I divided my flow into two. The first one (run once a day) retrieves active subscriptions (Get https://graph.microsoft.com/v1.0/subscriptions) and searches for the one with the n8n weebhook URL that I saved earlier. Once it finds the right one, it retrieves the ID from it. Based on the ID, you can create a Patch (https://graph.microsoft.com/v1.0/subscriptions/{ID}) and renew the subscriptions. This prevents them from expiring. If the above description is too complicated for anyone, please let me know. I will try to post my flow here.
Oh, and one more thing. To the second flow (the one with teams), I added On Error (node - settings - on error - Continue (using error output) and in error I added WAIT and then went back to the same node. I noticed that for some reason I sometimes get a fail and cannot retrieve messages. Then, when I restarted, everything worked. Wait solved this problem. Since introducing these fixes, everything has been running smoothly for me.
