Demo showcasing authentication using Microsoft Team's built-in user token.
npm install
npm start
Before you deploy this application, you will need to set up the following:
Firstly, set up a new app registration in Azure (skip to the next section if you have already done so).
- Open the Azure Portal.
- Head to 'Microsoft Entra ID' > 'App registrations'.
- Select 'New registration'.
- Follow the on-screen instructions to create a new app registration.
Next, you will need to expose an API for the Microsoft Teams client to use to perform authentication as the app.
-
In the 'App registrations' page, open your app registration.
-
Select 'Manage' > 'Expose an API' from the left sidebar.
-
At the top, select 'Add' next to 'Application ID URI'.
-
In the 'Application ID URI' field, you should see a value similar to the below:
api://00000000-0000-0000-0000-000000000069
Change the value to the below format, retaining the GUID portion.
api://your-applications-domain.net/00000000-0000-0000-0000-000000000069
-
Select 'Save'.
Once you have exposed the API, you will need to grant access to the Microsoft Teams clients.
-
Under 'Scopes defined by this API', select 'Add a scope'.
-
In the 'Scope name' field, enter
access_as_user
. -
Set 'Who can consent?' to either 'Admins and users', or 'Admins only'.
-
In the 'Admin consent display name' and 'Admin consent description' fields, enter a suitable value.
-
Select 'Save'.
-
Under 'Authorized client applications', select 'Add a client application', and add the below clients:
1fec8e78-bce4-4aaf-ab1b-5451cc387264
: Microsoft Teams desktop/web application5e3ce6c0-2b1f-4285-8d4b-75ee78787346
: Microsoft Teams website
In each authorized client application, assign the authorized scope that was created earlier on.
Once you have your Microsoft Entra ID app registration ready, set up the Microsoft Teams app (skip to the next section if you have already done so).
- Open the Microsoft Teams Dev Center
- Select 'New app'.
- Follow the on-screen instructions to create a new Microsoft Teams app.
- Configure your Microsoft Teams app.
Next, you will need to connect your Microsoft Teams app and the Microsoft Entra ID app registration.
-
In your Microsoft Teams app, select 'Basic information' under 'Configure' from the left sidebar.
-
Under 'Application (client) ID', enter the 'Application (client) ID' found on the 'Overview' page of the Microsoft Entra ID app registration page.
-
Select 'Save'.
-
Select 'Single sign-on' under 'Configure' from the left sidebar.
-
Under 'Application ID URI', enter the 'Application ID URI' as was set up in your Microsoft Entra ID app registration:
api://your-applications-domain.net/00000000-0000-0000-0000-000000000069
Once that is completed, either set up the tab app directly, or add a new domain by heading to 'Domains' under 'Configure' in the left sidebar.
When everything is completed, you can deploy your Microsoft Teams app manifest.