docs: add note for auth code flow limitations on mobile (#721)

Co-authored-by: turenlong <[email protected]>
OfficeDev · Mar 13, 2023 · 46ac3ed · 46ac3ed
1 parent 77b357b
commit 46ac3ed
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/graph-toolkit-contact-exporter/README.md b/graph-toolkit-contact-exporter/README.md
@@ -13,6 +13,12 @@ Contact Exporter sample APP provides an easy way to export your teams contact in
 - A Microsoft 365 account. If you do not have Microsoft 365 account, apply one from [Microsoft 365 developer program](https://developer.microsoft.com/en-us/microsoft-365/dev-program)
 - Latest [Teams Toolkit Visual Studio Code Extension](https://aka.ms/teams-toolkit)
 
+## Note 
+- This template has adopted [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow) to implement SSO. There's a known limitation with mobile platforms such as iOS and a few Android versions where users have to sign in again as the state was not stored due to [third party cookie being blocked by the browser](https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more).
+
+- Due to system webview limitations, users in the tenant with conditional access policies applied cannot consent permissions when conduct an OAuth flow within the Teams mobile clients, it would show error: "xxx requires you to secure this device...".
+
+To achieve full SSO experience, we will recommend you to implement OBO flow to pass your token to a server. See more [here](https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/tab-sso-code#pass-the-access-token-to-server-side-code).
 
 ## What you will learn in this sample:
 - How to use TeamsFx to build frontend hosting on Azure for your tab app.

diff --git a/hello-world-tab/README.md b/hello-world-tab/README.md
@@ -17,6 +17,13 @@ Hello World Tab shows you how to build a tab app and how to get user login infor
 - A Microsoft 365 account. If you do not have Microsoft 365 account, apply one from [Microsoft 365 developer program](https://developer.microsoft.com/en-us/microsoft-365/dev-program)
 - [Teams Toolkit Visual Studio Code Extension](https://aka.ms/teams-toolkit) or [TeamsFx CLI](https://aka.ms/teamsfx-cli)
 
+## Note 
+- This template has adopted [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow) to implement SSO. There's a known limitation with mobile platforms such as iOS and a few Android versions where users have to sign in again as the state was not stored due to [third party cookie being blocked by the browser](https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more).
+
+- Due to system webview limitations, users in the tenant with conditional access policies applied cannot consent permissions when conduct an OAuth flow within the Teams mobile clients, it would show error: "xxx requires you to secure this device...".
+
+To achieve full SSO experience, we will recommend you to implement OBO flow to pass your token to a server. See more [here](https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/tab-sso-code#pass-the-access-token-to-server-side-code).
+
 ## What you will learn in this sample:
 
 - How to use TeamsFx to build frontend hosting on Azure for your tab app.