Showing an external WebApp in Teams tab - Authentication issue

%3CLINGO-SUB%20id%3D%22lingo-sub-2240304%22%20slang%3D%22en-US%22%3EShowing%20an%20external%20WebApp%20in%20Teams%20tab%20-%20Authentication%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2240304%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20using%20some%20important%20company%20pages%20-%20Angular%20applications%20that%20are%20using%20ADAL%2FMSAL%20or%20no%20authentication%20at%20all%20-%20that%20our%20users%20are%20using%20very%20often.%20Currently%20they%20have%20the%20browser%20open%20%2B%20MS%20Teams%20and%20use%20both%20tools.%3C%2FP%3E%3CP%3EI%20thought%20its%20nicer%20to%20show%20our%20App%20inside%20an%20MS%20Teams%20tab%2C%20to%20use%20Teams%20as%20a%20%22browser%22%20and%20to%20make%20life%20easier%20for%20our%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20I%20did%20is%20simply%20creating%20a%20test%20app%20that%20I%20deployed%20to%20our%20tenant.%3C%2FP%3E%3CP%3EThe%20app%20is%20having%20the%20web%20address%20to%20our%20external%20web%20app%20as%20a%20content-uri%20in%20a%20tab%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22David_Elsner_1-1616919731580.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267745iADF2D53F8E7F3853%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22David_Elsner_1-1616919731580.png%22%20alt%3D%22David_Elsner_1-1616919731580.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3ENow%20our%20app%20is%20appearing%20in%20the%20Teams%20client%20on%20the%20left%20side%20after%20installation%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22David_Elsner_0-1616919533910.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267744iC81EEB13658378E3%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22David_Elsner_0-1616919533910.png%22%20alt%3D%22David_Elsner_0-1616919533910.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20launch%20this%20app%20our%20page%20appears%20a%20short%20time%20and%20then%20reloads%20for%20a%20hundred%20times%20at%20once.%3CBR%20%2F%3EWhat%20I%20would%20expect%20is%20a%20redirection%20to%20the%20MS%20page%20to%20login%2C%20to%20get%20a%20token%20for%20the%20user%20(like%20it%20works%20in%20Chrome)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tried%20out%20different%20scenarios%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EIn%20the%20Teams-Browser%20app%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20Everything%20works%20perfectly%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%3CSTRONG%3En%20the%20Teams%20Desktop%20app%20-%20that%20everyone%20is%20using%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20Using%20ADAL%20with%20redirection%20method%20%3D%26gt%3B%20Like%20described%20above%3C%2FP%3E%3CP%3E-%20Using%20MSAL%20with%26nbsp%3B%3CSPAN%3EinteractionType%3C%2FSPAN%3E%3CSPAN%3E%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3E%3CSPAN%3EInteractionType%3C%2FSPAN%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FEM%3E%3CSPAN%3E%3CEM%3EPopup%3C%2FEM%3E%20%3D%26gt%3B%20Tries%20to%20open%20%22about%22%20in%20the%20MS%20store%2C%20because%20there%20is%20no%20app%20available.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E-%20Using%20MSAL%20with%26nbsp%3BinteractionType%3A%26nbsp%3BInteractionType.Redirect%20%3D%26gt%3B%20Blank%20page%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E-%20Using%20an%20app%20without%20any%20authentication%20%3D%26gt%3B%20Works%20as%20expected%2C%20the%20page%20is%20shown%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20am%20now%20confused%20why%20this%20is%20happening.%20The%20teams%20iframe%20does%20allow%20popups%20explicitly%20if%20I%20inspect%20the%20iframe%20with%20DevTools.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EEverything%20we%20want%20is%20to%20display%20one%20external%20page%20with%20MSAL%20%3CEM%3E%3CSTRONG%3Eor%3C%2FSTRONG%3E%3C%2FEM%3E%20ADAL%20authentication%20enabled.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CBR%20%2F%3EAnother%20approach%20I%20tried%3A%20Using%20a%20%22real%22%20teams%20App%20that%20uses%20SSO.%20Once%20I%20have%20the%20token%20I%20pass%20it%20to%20the%20iframe%20with%20a%20%23token%3Dey....%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EHowevery%2C%20this%20approach%20also%20does%20not%20work%20and%20the%20page%20is%20blank.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20think%20I%20am%20already%20to%20complicated%20in%20how%20I%20think.%20There%20must%20be%20an%20easy%20solution%20for%20this%20problem.%20Any%20proposals%20are%20highly%20appreciated.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2240304%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eadals%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMSAL%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2241988%22%20slang%3D%22en-US%22%3ERe%3A%20Showing%20an%20external%20WebApp%20in%20Teams%20tab%20-%20Authentication%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2241988%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F431566%22%20target%3D%22_blank%22%3E%40David_Elsner%3C%2FA%3E%26nbsp%3B%20Please%20go%20through%20the%20working%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FOfficeDev%2FMicrosoft-Teams-Samples%2Ftree%2Fmain%2Fsamples%2Ftab-sso%2Fcsharp%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ETab%20SSO%20%3C%2FA%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FOfficeDev%2FMicrosoft-Teams-Samples%2Ftree%2Fmain%2Fsamples%2Ftab-sso%2Fcsharp%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Eauthentication%3C%2FA%3E%26nbsp%3B%3C%2FSPAN%3Esample.%20It%20may%20help%20you.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

We have some important company websites - Angular applications that are using ADAL/MSAL or no authentication at all - that our users are using very often. Currently they have the browser open + MS Teams and use both tools.

I thought its nicer to show our App inside an MS Teams tab, to use Teams as a "browser" and to make life easier for our users.

 

What I did is simply creating a test app that I deployed to our tenant.

The app is having the web address to our external web app as a content-uri in a tab:

David_Elsner_1-1616919731580.png

Now our app is appearing in the Teams client on the left side after installation:

David_Elsner_0-1616919533910.png

 

If I launch this app our page appears a short time and then reloads for a hundred times at once.
What I would expect is a redirection to the MS page to login, to get a token for the user (like it works in Chrome)

 

I tried out different scenarios:

 

In the Teams-Browser app:

- Everything works perfectly

 

In the Teams Desktop app - that everyone is using:

- Using ADAL with redirection method => Like described above

- Using MSAL with interactionType: InteractionType.Popup => Tries to open "about" in the MS store, because there is no app available. The popup blocker cannot be a problem, because I have a button for login (user interaction) so I expect a window opening where I can login, but I get this:

David_Elsner_0-1616927537146.png

I can never press ok - why is not a browser used?

- Using MSAL with interactionType: InteractionType.Redirect => Blank page

- Using an app without any authentication => Works as expected, the page is shown

 

I am now confused why this is happening. The teams iframe does allow popups explicitly if I inspect the iframe with DevTools.

 

Everything we want is to display one external page with MSAL or ADAL authentication enabled.


Another approach I tried: Using a "real" teams App that uses SSO. Once I have the token I pass it to the iframe with a #token=ey....

 

Howevery, this approach also does not work and the page is blank.

 

I think I am already to complicated in how I think. There must be an easy solution for this problem. Any proposals are highly appreciated.

 

 

 

 

 

 

5 Replies

@David_Elsner  Please go through the working Tab SSO authentication sample. It may help you. 

 

@Mamatha-MSFT I also found this sample. One question about this. I found two different ways to authenticate. First way is to use authentication through SSO - another way is this one: "Authenticate a user in a Microsoft Teams tab". Can you tell the difference?

I was hoping to launch my own angular app in the tab without doing too much efford (extra hosting etc..) but it might not be possible. 

@David_Elsner Authentication using Azure AD is used to get access to the user's profile information from Azure AD and Microsoft Graph. 
 single sign-on (SSO) is used to consent the app. If a user consents to use your app, they do not have to consent again on another device as they are signed in automatically. 

@David_Elsner Please let us know does that help clarify.

@Mamatha-MSFT Has this issue been resolved?  I'm also facing the same issue.  Using Azure B2C, MSAL, InteractionType.Popup, Angular frontend.  On Teams browser version, it works but on Teams windows app it does not.  It tries to open the about page for the popup and points to windows store.

www.000webhost.com