graph toolkit SSO without Login Component

In my Teams tab I have followed the link below and authenticated the Teams tab.

https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso

I want to be able to use the Graph Toolkit without the Login component, as I have SSO for the tab.

Is it possible to do so? If so, can I call the Graph Toolkit components?

15 Replies

@Umag98 - Hello,
Have a look at Microsoft Graph Toolkit providers. You can use Custom provider - Microsoft Graph | Microsoft Docs. Let me know if you need any help. 

 

Thanks, 

Hunaid Hanfee

-------------------------------------------------------------------------------------------------------------------------------------------- 

If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate. 

@HunaidHanfee-MSFT

I tried using the simple provider.
It is not working as expected.

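    import { Providers, ProviderState, SimpleProvider } from "@microsoft/mgt-element";

    // Hand the toolkit a token obtained elsewhere instead of using the Login component.
    provider = new SimpleProvider(async function getAccessTokenhandler(scopes: string[]) {
        try {
            // Token previously fetched from the ASP.NET web API and cached in localStorage.
            let _accessToken = localStorage.getItem("accessToken");
            if (_accessToken) {
                return _accessToken;
            }
        } catch (error) {
            console.log(error);
            return error;
        }
    });
    // Register the provider globally and mark the user as signed in.
    Providers.globalProvider = provider;
    Providers.globalProvider.setState(ProviderState.SignedIn);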
 
And I am trying to call the People Picker:
<div>
            {gotAccessToken && <div><PeoplePicker {...props.pickerType === "person" ? { type: PersonType.person } :
                { ...props.pickerType === "group" ? { type: PersonType.group } : { type: PersonType.any } }} {...props.isPickerDisabled ? { disabled: true } : undefined}
                defaultSelectedUserIds={defaultPickerValue} selectionMode={props.selectionMode} selectionChanged={handleSelectionChanged} />
                {props.toShowSelectedPeople && <div>Selected People: <People people={people} /></div>}</div>}
            {!gotAccessToken && <Spinner label="Loading..." ariaLive="assertive" labelPosition="left" />}
        </div>
 
The accessToken I am getting is from the ASP.NET web API, with which I am able to call Graph APIs in the ASP.NET Core web API.
I am using the same here, but it is not working.
This is the error I get when I try to do it:
error: {code: "InvalidAuthenticationToken", message: "Access token validation failure. Invalid audience.",…}
    code: "InvalidAuthenticationToken"
    innerError: {date: "2021-08-24T08:27:14", request-id: "494c6420-fedc-4314-b71f-2f8e188a38c1",…}
    message: "Access token validation failure. Invalid audience."

@Umag98 - Looks like your configuration is wrong for token validation "audience".
Could you please reverify & test it again.

@ChetanSharma-msft
As I already have an accessToken, I can pass that, right? Or should I pass the assertion token from Teams?

 

@Umag98: Hello, I have tried this with the access token I got by following this doc: Get access without a user

I tested with the snippet you shared and it worked fine. Could you please tell us the endpoint you are using to get the access token? Also, it would be better if you could share the whole request (hiding the private information). Please go through this question to understand more about the error you got:
Access token validation failure. Invalid audience. - Microsoft Q&A

Our endpoint is: https://login.microsoftonline.com/{0}/oauth2/token

{ "client_id", },
{ "client_secret", },
{ "scope", },
{ "resource", },
{ "grant_type", },
{ "requested_token_use", },
{ "assertion", }

@Umag98 : 

Hey,
I think you should use this endpoint
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Please follow this:
Get access without a user -> Get an access token

Also you need these permissions : link

@Umag98, let us know if you are still facing any issue.

Is there any special need to change the endpoint, as we are using the same endpoint for Graph API calls?

No, the token you get from this endpoint also works for all Graph APIs.
Please make sure that permissions are given to your app registration.

Can I know which permissions those are?

@Umag98 - Hello , 
I have shared Permission in previous comment - 


@HunaidHanfee-MSFT wrote:

Also you need these permissions : link


Please follow this link: People-picker - Microsoft Graph Permissions.
Please have a look, let us know if you have any query.
Thanks

Does this solve your issue?
Please debug the token - https://jwt.io/#debugger-io. Check if you are getting the required permissions in it.
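
The audience and permission check discussed in this thread can also be done locally, so the bearer token never has to be pasted into a website. This is an added example, not code from the thread or from the Graph Toolkit; the sample tokens, the `api://` URI and the permission names passed in are constructed, and the real permission list should come from the People Picker documentation linked above.

```javascript
// Added example: inspect a token's claims locally. This decodes only; it does
// NOT verify the signature, so use it for diagnosis, never for authorization.
const GRAPH_AUDIENCES = new Set([
  "https://graph.microsoft.com",
  "https://graph.microsoft.com/",
  "00000003-0000-0000-c000-000000000000", // Microsoft Graph resource app ID
]);

function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Returns { ok, aud, problems } for a token meant to be sent to Microsoft Graph.
function checkGraphToken(token, requiredPermissions, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  // Delegated permissions arrive in `scp` (space separated), app permissions in `roles`.
  const granted = new Set(
    [
      ...(typeof claims.scp === "string" ? claims.scp.split(" ") : []),
      ...(Array.isArray(claims.roles) ? claims.roles : []),
    ].map((p) => p.toLowerCase())
  );
  const problems = [];
  if (!GRAPH_AUDIENCES.has(claims.aud)) {
    problems.push(`aud is "${claims.aud}", not Microsoft Graph`);
  }
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    problems.push("token is expired");
  }
  const missing = requiredPermissions.filter((p) => !granted.has(p.toLowerCase()));
  if (missing.length > 0) problems.push(`missing permissions: ${missing.join(", ")}`);
  return { ok: problems.length === 0, aud: claims.aud, problems };
}

// Constructed, unsigned sample tokens with placeholder values (not real tokens).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed`;
}
const tabSsoToken = makeSampleToken({ // audience is the tab's own API
  aud: "api://tab.contoso.example/00000000-0000-0000-0000-000000000000",
  scp: "access_as_user", exp: 4102444800 });
const graphToken = makeSampleToken({ // audience is Microsoft Graph
  aud: "https://graph.microsoft.com", scp: "User.Read People.Read", exp: 4102444800 });

console.log(checkGraphToken(tabSsoToken, ["People.Read"]));
console.log(checkGraphToken(graphToken, ["People.Read"]));
```

A token whose `aud` is the tab's own application ID URI is issued for that API, which is the condition Graph reports as "Invalid audience".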