Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot convert Teams user token to ACS token #6990

Open
redakker opened this issue Mar 28, 2024 · 2 comments
Open

Cannot convert Teams user token to ACS token #6990

redakker opened this issue Mar 28, 2024 · 2 comments
Labels
documentation Related to documentation. msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@redakker
Copy link

Core Library

MSAL.js (@azure/msal-browser)

Wrapper Library

MSAL Angular (@azure/msal-angular)

Public or Confidential Client?

Public

Documentation Location

https://learn.microsoft.com/en-us/azure/communication-services/quickstarts/manage-teams-identity?pivots=programming-language-javascript

Description

I want to convert my Teams User token to an ACS token.
I successfully got my Teams User token with the tool: Angular 16 - MSAL Angular v3 Sample
but
When I want to convert it into ACS token this code drops an error:
const communicationAccessToken: CommunicationAccessToken = await client.getTokenForTeamsUser({ teamsUserAadToken: teamsToken, clientId: this.aadAppId, userObjectId: this.aadTenant, });

Error:
core.mjs:10614 ERROR Error: Uncaught (in promise): RestError: Provided access token is not valid. RestError: Provided access token is not

That token is used which is coming back from the response's payload:
let teamsToken = (this.eventPayload as AuthenticationResult)?.accessToken;

My Teams permissions seem okay.
@redakker redakker added documentation Related to documentation. question Customer is asking for a clarification, use case or information. labels Mar 28, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Mar 28, 2024
@github-actions github-actions bot added msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications labels Mar 28, 2024
@cotufaloschiflones
Copy link

cotufaloschiflones commented Jun 21, 2024
edited
Loading

Hello, any progress here? I'm getting the same error, a 401 error with:

RestError: {"error":{"code":"InvalidAccessToken","message":"Provided access token is not valid."}}

@redakker Have you figured out something about it?

@cotufaloschiflones
Copy link

cotufaloschiflones commented Jul 3, 2024
edited
Loading

@redakker Hello, to me, the logic tells me that you should be able here to use authentication.getToken from teams sdk to use that token (because you are an authenticated user), but doing it like this, doesnt works. Doesnt work neither if you use msal with the proper scopes (Teams.ManageCalls, Teams.ManageChat) and get the token after re-login the user again wich is weird...

But at the end, for me the only way to acquire a valid teams token to exchange by another token from ACS was using InteractiveBrowserCredential like follows:

Create first a tokenCredential based on the method InteractiveBrowserCredential from @azure/identity. This will re-login user again (you'll see a popup instantly)
const tokenCredential = new InteractiveBrowserCredential({ clientId, tenantId });

Then you can ask for a token with the desired scopes to that tokenCredential
const {token: teamsUserAadToken} = await tokenCredential.getToken([ "https://auth.msft.communication.azure.com/Teams.ManageCalls", "https://auth.msft.communication.azure.com/Teams.ManageChats" ])

Then, you can use this generated token like follows:
const identityClient = new CommunicationIdentityClient(connectionString)
const { token } = await identityClient.getTokenForTeamsUser({ teamsUserAadToken, clientId, userObjectId });

hope it helps!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Related to documentation. msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cotufaloschiflones @redakker