Authentication in Microsoft Teams Custom Apps: Tabs

testuser7 271 Reputation points
2020-09-24T13:52:14.1+00:00

Hello,

I have a quick thing to clarify with respect to authentication of custom app-tab in ms-teams, particularly for the channel/group scope type of app.
For static (personal) apps, it is very intuitive and straightforward.
The app will invoke the ms-teams JavaScript microsoftTeams.authentication.authenticate(), which will open the popup window and accomplish the full OAuth flow for that particular user.

But when the admin is installing a channel/group scope app and the app requires authentication, what is the purpose of this authentication?
The app is NOT going to show data of any particular user of the channel.
This app is for everybody in the channel.
So would this app perform client-credential flow type work? Meaning, it will just take the consent of the app-level permissions from the user and then run the show.

Thanks.


3 answers

  1. JamesTran-MSFT 36,541 Reputation points Microsoft Employee
    2020-09-24T22:50:53.807+00:00

    @testuser7
    If you're referring to the OAuth 2.0 client credentials flow, then yes, the process is very similar. When it comes to the Microsoft Teams authentication flow for tabs, these are similar to websites so they can use OAuth 2.0 directly.

    For more information you can reference:
    Microsoft Teams authentication flow for tabs
    Authentication in Microsoft Teams Apps: Tabs

    [Image: 28126-teamsauth.jpg]

    I have also added the respective "Teams" tags to this thread, in case someone from their team would like to add additional comments/answers.

    If you have any other questions, please let me know.
    Thank you for your time!


  2. testuser7 271 Reputation points
    2020-09-25T12:33:42.853+00:00

    Thanks @JamesTran-MSFT for answering my query.

    I am totally on board with your explanation and diagram, which I am well aware of, as long as we are talking about the static tabs.

    My understanding is that the same diagram flow can be triggered and accomplished by the "configurable tab".
    So, if I put it in a hands-on way:

    Let's say there are 3 members on one channel where this configurable tab-app is installed.
    All 3 members will go through this authentication flow and consent to all the scopes required by the tab on their MS Teams client.
    Now, this tab will have an OAuth token for all 3 members.
    So if the job of this tab-app was to show the latest 5 emails, then would the output UI on the tab screen be different for all 3 members?
    That is not matching with my understanding because, as far as I know, the "configurable tab" should provide information that is common and helpful to an entire team.
    There is no member-specific information. So what was the use of the delegated OAuth token?

    If it was static-tab, I would totally understand the importance of sign-in.

    Appreciate your help.

    Thanks.


  3. testuser7 271 Reputation points
    2020-09-26T12:38:27.937+00:00

    Thanks @JamesTran-MSFT

    Will wait for the answer.

    0 comments No comments
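
The distinction the thread turns on, as an added example that is not part of any post above or of Microsoft's own code: a backend can tell a delegated (per-member) token from an app-only (client credentials) token by its claims, since Microsoft identity platform access tokens carry `scp` for delegated permissions and `roles` for application permissions. The helper names, object IDs and sample tokens are constructed for illustration, modelling the three channel members from the second post plus one app-only token.

```javascript
// Added example. Decoding only: a real backend must first validate the
// token's signature, issuer and audience before trusting any claim.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Classify a compact JWT access token by the claims it carries.
function classifyToken(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const claims = decodeSegment(parts[1]);
  if (typeof claims.scp === 'string' && claims.scp !== '') {
    // scp: delegated permissions, issued on behalf of one signed-in user
    return { kind: 'delegated', principal: claims.oid, permissions: claims.scp.split(' ') };
  }
  if (Array.isArray(claims.roles) && claims.roles.length > 0) {
    // roles without scp: application permissions (client credentials flow)
    return { kind: 'app-only', principal: claims.oid, permissions: claims.roles };
  }
  return { kind: 'unknown', principal: claims.oid, permissions: [] };
}

// Constructed, unsigned sample tokens with placeholder object IDs.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'none', typ: 'JWT' }), enc(claims), 'constructed'].join('.');
}

const sampleTokens = [
  makeSampleToken({ oid: 'member-1-oid', scp: 'Mail.Read User.Read' }),
  makeSampleToken({ oid: 'member-2-oid', scp: 'Mail.Read User.Read' }),
  makeSampleToken({ oid: 'member-3-oid', scp: 'Mail.Read User.Read' }),
  makeSampleToken({ oid: 'app-service-principal-oid', roles: ['Mail.Read'] }),
];

// Group the tokens by kind and list the principal each one was issued for.
function summarize(tokens) {
  const summary = { delegatedUsers: [], appOnlyPrincipals: [] };
  for (const t of tokens.map(classifyToken)) {
    if (t.kind === 'delegated') summary.delegatedUsers.push(t.principal);
    if (t.kind === 'app-only') summary.appOnlyPrincipals.push(t.principal);
  }
  return summary;
}

console.log(summarize(sampleTokens));
```

Each delegated token names a different member in `oid`, while the app-only token names the application's own service principal and no user.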