Question
I am trying to use identity platform to authenticate users into my custom app that is to be used from within MS Teams.
I am aware that Teams uses an iFrame to load the custom apps. So I followed the method mentioned in the FAQs - Q5. I used the redirectUri property in the MSALConfig. I am using the index file provided by MS for testing purposes by calling it inside an iFrame tag.
In both cases, acquireTokenSilent and acquireTokenPopup, it gets stuck at the popup window loading the redirect page. Neither is the authentication getting completed nor is the popup window getting closed.
Answer 1:
The following steps can unblock the Teams Tab scenario for the desktop/mobile apps.
Manual Steps
Step 1. Ensure you have approved requests in the new API Permission Management Page on the Tenant Admin Site. This creates a client secret behind the scenes.
Step 2. Go to -> https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
Step 3. Click on SharePoint Online Client Extensibility Web Application Principal
Step 4. Click Manifest on the left menu
Step 5. Copy the id from the oAuth2Permission array
    "oauth2Permissions": [
      {
        "adminConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on behalf of the signed-in user.",
        "adminConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
        "id": "2143704b-186b-4210-b555-d03aa61823cf",
        "isEnabled": true,
        "lang": null,
        "origin": "Application",
        "type": "User",
        "userConsentDescription": "Allow the application to access SharePoint Online Client Extensibility Web Application Principal on your behalf.",
        "userConsentDisplayName": "Access SharePoint Online Client Extensibility Web Application Principal",
        "value": "user_impersonation"
      }
    ],
Step 6. Replace "preAuthorizedApplications" entry with the following JSON
    "preAuthorizedApplications": [
      {
        "appId": "00000003-0000-0ff1-ce00-000000000000",
        "permissionIds": [
          "ID OF THE USER_IMPERSONATION Scope"
        ]
      }
    ],
Step 7. Hit Save.
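Steps 5 and 6 of the answer above, as an added example that is not part of the original answer: it copies the user_impersonation scope id into preAuthorizedApplications on an exported manifest object, and lists any pre-authorized permission id that matches no enabled scope (for instance a placeholder left unreplaced). The function names and the sample manifest are constructed for illustration.

```javascript
// Added example: works on a manifest object as shown in the portal's Manifest editor.
// Only the fields named in the answer are used; the sample manifest is constructed.
const PREAUTHORIZED_APP_ID = "00000003-0000-0ff1-ce00-000000000000"; // appId from Step 6

// Step 5: find the id of the enabled user_impersonation scope.
function findScopeId(manifest, scopeValue = "user_impersonation") {
  const scopes = Array.isArray(manifest.oauth2Permissions) ? manifest.oauth2Permissions : [];
  const matches = scopes.filter((s) => s.value === scopeValue);
  if (matches.length !== 1) {
    throw new Error(`expected exactly one "${scopeValue}" scope, found ${matches.length}`);
  }
  if (matches[0].isEnabled !== true) {
    throw new Error(`scope "${scopeValue}" is disabled`);
  }
  return matches[0].id;
}

// Step 6: return a copy of the manifest with preAuthorizedApplications replaced.
function preauthorize(manifest, appId = PREAUTHORIZED_APP_ID) {
  const scopeId = findScopeId(manifest);
  return {
    ...manifest,
    preAuthorizedApplications: [{ appId, permissionIds: [scopeId] }],
  };
}

// Review check: pre-authorized permission ids that match no enabled scope.
function danglingPermissionIds(manifest) {
  const enabled = new Set(
    (manifest.oauth2Permissions || []).filter((s) => s.isEnabled).map((s) => s.id)
  );
  return (manifest.preAuthorizedApplications || [])
    .flatMap((app) => (app.permissionIds || []).map((id) => ({ appId: app.appId, id })))
    .filter((entry) => !enabled.has(entry.id));
}

// Constructed sample manifest, reduced to the fields the steps touch.
const sampleManifest = {
  oauth2Permissions: [
    { id: "2143704b-186b-4210-b555-d03aa61823cf", isEnabled: true, type: "User", value: "user_impersonation" },
  ],
  preAuthorizedApplications: [],
};
const updated = preauthorize(sampleManifest);
console.log(JSON.stringify(updated.preAuthorizedApplications, null, 2));
```

Running danglingPermissionIds on the manifest before saving catches a permissionIds entry that still holds the placeholder text from Step 6.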
Answer 2:
This issue was solved by changing the implementation to use the new feature, SSO, instead of the MSAL library.
Source: https://stackoverflow.com/questions/57605184/not-able-to-use-identity-platform-within-iframe-ms-teams-custom-tab