Whitelist Teams Application Domain to allow Microsoft Login Page to be embedded

Question

Hi,
We have a ms teams extension application that can be loaded as a tab. In the tab, we are using an iframe to load another custom application.
This custom application has a trust established with azure to allow login through microsoft.
When we load our ms teams application through the browser, we get an error ' login.microsoftonline.com' refused to connect. This happens when there is no active session present. When a session is present (i.e. the user has already logged into microsoft teams in another tab) , the login goes through.
When we load our application through developer portal in the ms teams desktop application, the login page does not load, irrespective of a session.
Is there a way to whitelist our ms teams extension application domain to allow the login page to embed as the application is being used in ms teams?
Thanks!

Answer 1

Login pages don't render in iFrames, as a safeguard against clickjacking. Your authentication logic needs to use a method other than redirect. For example, use token-based or cookie-based authentication.

Please refer prerequisites of Tabs in Teams:
https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/tab-requirements

Thanks,
Nivedipa

---

If the response is helpful, please click "Accept Answer" and upvote it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate.