Skip to content

serverless-me/msteams-tab-js-msal

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
JavaScriptSPA
JavaScriptSPA
 
 
Manifest
Manifest
 
 
docs
docs
 
 
.gitignore
.gitignore
 
 
Readme.md
Readme.md
 
 
package.json
package.json
 
 
server.js
server.js
 
 

Repository files navigation

Documentation on Authentication and Authorization for Teams Tabs

How to use MSAL in a Teams Tab is described in this blog post by Bob German. The blog post is linked to this sample using REACT

The sample in this repository is based on the same approach, but uses only Node.js and JavaScript.

Authentication & Authorization Flow

This sample is using only JavaScript for the implementation of the authentication popup:

  1. If the user is already authorized, there will be no popup and the token will be acquired silently:
    if (msalClient.getAccount()) {
        microsoftTeams.getContext(function (context, error) {
            tokenRequest.loginHint = context.loginHint;
            msalClient.acquireTokenSilent(tokenRequest)
            .then(response => {
                graphApp.accessToken = response.accessToken;
                graphCallback();
            })
            .catch(error => {
                console.log(error);
                console.log("silent token acquisition fails. acquiring token using popup");
                    
                teamsAuth.signIn(graphCallback);
            });;
        });
    }
  1. a popup is created using Microsoft Teams SDK (auth-start.html)
    signIn: function(graphCallback){        
        microsoftTeams.authentication.authenticate({
            url: window.location.origin + "/auth-start.html",
            width: 600,
            height: 535,
            successCallback: function (response) {
                console.log("Successfull callback");
                graphApp.accessToken = response.accessToken;
                graphCallback();
            },
            failureCallback: function (reason) {
                console.log("callback failure");
            }
        });
    }
  1. within the popup there is a redirect to Azure AD login page using MSAL
    if (msalClient.getAccount()) {
        tokenRequest.loginHint = msalClient.getAccount().userName;
        msalClient.acquireTokenRedirect(tokenRequest);
    }
    else{
        msalClient.loginRedirect(tokenRequest);
    }
  1. after login the user is redirected to auth-end.html (specified in Azure App Registration) and the successfull login is confirmed using Microsoft Teams SDK
    if (msalClient.getAccount()) {
        tokenRequest.loginHint = msalClient.getAccount().userName;
        msalClient.acquireTokenSilent(tokenRequest)
        .then(tokenResponse => {
            microsoftTeams.authentication.notifySuccess(tokenResponse);
        })
        .catch(error => {
            microsoftTeams.authentication.notifyFailure(error);
        });
    }

Prerequisites

Azure App Registration

  1. Authentication

Authentication

  1. API Permissions

ApiPermissions

  1. Expose API

Expose API

Replace the placeholders with your ngrok domain and App ID

  1. In the manifest.json
  2. In the msalClient.js

Run the sample with NGROK

ngrok http -host-header=rewrite 3978

References

About

Add a SPA to teams and add authentication with a pop-up

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages