microsoftTeams.authentication.getAuthToken() not executing in SharePoint #1407
Comments
|
Hi twgolds! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies. Best regards, Teams Platform |
ghost
added
the
|
Hello @twgolds - Hope you are doing well!! |
|
The documentation for Teams SSO that I followed is : As I say, it works absolutely fine when running with Teams as the host. It's when it's within SharePoint that it fails. Can you send me your email so that I can send you a video? |
|
I had almost the same issue within Office.Com ( except Office.Com returns an error message ). The solution to that problem was simply to add the GUIDs for Office.Com ( web & desktop ) to the app registrations list of authorized client applications. There are no GUIDs for SharePoint listed. Do I need to add something to the App Reg to authorize SPO in the same way that we add GUID's to authorize teams.com & office.com? |
|
Unfortunately, the answer here will not be as satisfying as the answer to the office.com issue you were having. I will use this issue to track:
Thank you for reporting this! |
|
Thanks for the response. What's the timeline for supporting getAuthToken() in SharePoint? And if it's not going to be supported in the near term what's the solution to providing SSO when hosting a Teams app within SPO? The issue this raises is that our Teams App is going into the store shortly and it's supposed to support SPO as well. If users cannot sign in, we'll get a lot of support tickets! |
|
hey @twgolds, Luca here from the SharePoint development platform team. That makes tricky to securely expose an API like getAuthToken that the code can call because, in theory, 3rd party code could call that API, send it off box, and use that in malicious code to call your service and perform OBO token exchange. We are exploring some options to see how we can do that securely but, for now, I unfortunately don't have a timeline I can share with you. Out of curiosity: why do you need to use the Teams line of business model instead of using SharePoint Framework to build your solution for Teams and SharePoint. thank you for reporting this and for spending the time to provide additional details. |
|
Hi @lucabandMSFT
Thanks for the response. I appreciate it is difficult to implement all the
API calls that the Teams SDK provides, however, I do feel that if a certain
call is not supported then the API should return some sort of message
indicating that it is not supported and the non-supported calls should be
documented somewhere!
There are a few reasons why we have used the Teams App model instead of
SPFX.
Our situation is that we have a multi-tenant SAAS application and are able
to surface our SAAS as a Teams App ( as it's "just an iframe" ) and that
works really well. With our current Teams App, we can also show our
application within SPO as a "Full-page application", it also works well.
We also have an old-style SharePoint Add-In ( "It's just an iframe") that
has been in the SharePoint store since 2016 and has been an
effective solution too, but getting long in the tooth.
We're currently upgrading the Teams App to use the getAuthToken call rather
than the previous version of authentication, which opened a pop-up window
for the user to authenticate.
The great advantage of this is that it gets rid of the two main issues that
we encounter with older authentication approach. That is sometimes
pop-ups are blocked and sometimes third-party cookies are blocked ( I'm
looking at you Safari ).
I did look at implementing an SPFX web part a long time ago ( back before
Trump! ) as I took part in a three-day SPFX session in Seattle prior to its
public release. However, not all the right pieces of SPFX were in place at
the time and we had to do a whole load of work to do on our SAAS app.
Once we get the new Teams app out of the door, we'll be taking a more
detailed look at the SPFX Isolated Web Parts as they look like they will be
applicable to our situation.
…On Sat, 22 Oct 2022 at 00:06, Luca Bandinelli ***@***.***> wrote:
hey @twgolds <https://github.com/twgolds>, Luca here from the SharePoint
development platform team.
Unfortunately that's not.. as simple as it sounds. SharePoint as a
container is a little bit more complicated than Teams or let's say
Office.com, because you can run 3rd party code at the container level it
self (meaning: you can create a custom web part running in SharePoint as an
example).
That makes *tricky* to securely expose an API like getAuthToken that the
code can call because, in theory, 3rd party code could call that API, send
it off box, and use that in malicious code to call your service and perform
OBO token exchange.
We are exploring some options to see how we can do that securely but, for
now, I unfortunately don't have a timeline I can share with you.
Out of curiosity: why do you need to use the Teams line of business model
instead of using SharePoint Framework to build your solution for Teams and
SharePoint.
thank you for reporting this and for spending the time to provide
additional details.
—
Reply to this email directly, view it on GitHub
<#1407 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB5KSCIBFZU44NVNRRWYKMTWEMOYLANCNFSM6AAAAAARIAIP44>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@twgolds, thanks for your feedback. SPFx has evolved quite a bit in the past years and it should now (if that's not the case I would LOVE to get your feedback) provide the same capabilities in Teams as any other LoB / Provider hosted app without the needs of hosting your app elsewhere as you can include all the javascript files in the package and still leverage calls to APIs protected by AAD. Now, there are still some areas (primarily on the end user acquisition from store flow) where Teams LoB apps model has a clear advantage but.. we are getting there. thanks again! |
|
Hi @lucabandMSFT, Thanks, |
|
Hi @divishav , I will leave this issue open and will provide an update as soon as I have one. Thanks, |
I have integrated Teams with SSO into a SAAS application.
When signing in via Teams (desktop or web) everything works as expected.
I have also enabled the SharePoint integration features within the app manifest and added the App package to SharePoint Online:
When opening the "app" within SharePoint following code is executed:
microsoftTeams.app.initialize().then(() => { microsoftTeams.app.notifySuccess(); microsoftTeams.authentication.getAuthToken() .catch((e) => { alert(e); }) .then((token) => { ... do some stuff ... }); });The call to microsoftTeams.authentication.getAuthToken() does not return ( an error, or the token ). The call to initialize then times-out after 5 seconds.
I am unsure whether I am missing any additional configuration to ensure getAuthToken works.
Could you confirm that getAuthToken is expected to work in sharepoint.com? And if so, could you point me in the direction of the configuration required to get it to work?
If it is not supported within sharepoint.com, what is the proposed Microsoft approach to SSO into an Teams-App-Hosted-In-SharePoint?
Thanks
The text was updated successfully, but these errors were encountered: