4,150 questions
Handling login in embedded web app (iframe) in Teams app on Mac
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 76%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Jonas Reinholdt / Intility AS
5
Reputation points
We have a web app (single page application) that uses msal-react for authentication. We recently introduced it as a Teams app, which has been working seamlessly for Windows users with silent login.
const { login, error } = useMsalAuthentication(
InteractionType.Silent,
loginRequest
)
However, a problem arises when Mac users open the app in the Teams client (no problems accessing the Teams app in the browser) - silent login fails with the following error:
AADSTS50058: A silent sign-in request was sent, but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD (Azure Active Directory). This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in a different Internet Explorer security zone than the Azure AD endpoint (login.microsoftonline.com).
Why isn't the user signed in during the silent login when accessing through the Teams client on Mac? Is it possible to achieve this?
I'd really like to solve the issue here, as it would make it unnecessary to dive any deeper. But, if it isn't possible, then read further.
If silent login fails, we retry with a redirect login by default.
login(InteractionType.Redirect, loginRequest)
This fails with the following error:
BrowserAuthError: redirect_in_iframe: Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.
Following the advice of error, we tried switching to popup login:
login(InteractionType.Popup, loginRequest)
But this also fails:
BrowserAuthError: popup_window_error: Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.
So now I'm quite confused, I can't do any interactive login with MSAL. So then I tried using the Teams JS SDK to get an auth token (although I wouldn't know how to authenticate the user with that token), but that seemed to just fail silently without logging anything:
authentication
.getAuthToken()
.then(() => {
console.log('Get auth token successful')
})
.catch(error => {
console.error('Get auth token failed:', error)
})
I also tried using authentication.authenticate(), but quickly realized you can't pass it the login.onmicrosoft URL.
Microsoft Teams | Development
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 24%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
JimmyYang-MSFT 58,646 Reputation points Microsoft External Staff2025-03-13T02:07:16.5366667+00:00 Hi @Jonas Reinholdt / Intility AS
Teams tag is mainly focused on the general issue of Microsoft Teams troubleshooting. Since your issue is more related to development issue, which is not in our support scope. Thanks for your understanding and patience!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 85%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Nivedipa-MSFT 3,646 Reputation points Microsoft External Staff Moderator2025-03-13T05:32:31.13+00:00 @Jonas Reinholdt / Intility AS -
The errorAADSTS50058indicates that the user's session cookies are not being sent in the request to Azure AD. This can happen due to several reasons, such as:- Third-Party Cookies Blocked: Mac browsers, especially Safari, have stricter policies regarding third-party cookies. Ensure that third-party cookies are allowed in the browser settings.
- Teams Client Behavior: The Teams client on Mac might handle cookies differently compared to the browser. This could be causing the session cookies not to be sent.
You can try the following solutions and check:
- Check Cookie Settings: Verify that third-party cookies are enabled in the Teams client on Mac.
- Use Teams SDK for Authentication: Since MSAL's silent login is failing, you can use the Teams JavaScript SDK to handle authentication.
- Interactive Login Fallback: If silent login fails, you can use the Teams SDK to prompt the user for interactive login. This can be done using
microsoftTeams.authentication.authenticate
Handling Redirect and Popup Errors
- Redirect Login: Ensure that your app is not running inside an iframe when using redirect login. Redirects are not supported within iframes.
- Popup Login: Make sure popups are not blocked in the browser settings. If popups are blocked, the popup login will fail.
Please let us know if you are having any further query here.
-
Jonas Reinholdt / Intility AS 5 Reputation points
2025-03-13T09:39:30.3766667+00:00 Third-Party Cookies Blocked: Mac browsers, especially Safari, have stricter policies regarding third-party cookies. Ensure that third-party cookies are allowed in the browser settings.
The problem does not occur in the browser.
Check Cookie Settings: Verify that third-party cookies are enabled in the Teams client on Mac.
I cannot find any setting like this. Are you sure it is possible? Either way, the issue seems to be affecting all Mac users, asking all of them to update their settings must surely be unnecessary.
Interactive Login Fallback: If silent login fails, you can use the Teams SDK to prompt the user for interactive login. This can be done using
microsoftTeams.authentication.authenticateAssuming I got this to work, I'd just get a token right? How would I set this as the active account with msal-react?
Popup Login: Make sure popups are not blocked in the browser settings. If popups are blocked, the popup login will fail.
I can't change browser settings in the Teams client.
Sign in to comment
Sign in to answer