microsoft-graph-toolkit icon indicating copy to clipboard operation
microsoft-graph-toolkit copied to clipboard

Published 20 hours ago • verified publisher icon microsoftgraph

Support single tenant AAD application for Teams MSAL2 Provider

Open SLdragon opened this issue 3 years ago • 7 comments

Hi, team, Now Teams MSAL2 provider only support multi-tenant AAD application according to these docs:

https://docs.microsoft.com/en-us/graph/toolkit/providers/teams-msal2?tabs=ts#creating-an-appclient-id

https://docs.microsoft.com/en-us/graph/toolkit/get-started/build-a-microsoft-teams-sso-tab?tabs=unpkg%2CHTML#creating-an-appclient-id

In some scenario, we can only use single tenant AAD application, which has different authority and not compatible with multi-tenant AAD application.

Do we have plan to support it? Thank you very much!

SLdragon avatar Nov 05 '21 05:11 SLdragon

Hello SLdragon, thank you for opening an issue with us!

I have automatically added a "needs triage" label to help get things started. Our team will analyze and investigate the issue, and escalate it to the relevant team if possible. Other community members may also look into the issue and provide feedback 🙌

ghost avatar Nov 05 '21 05:11 ghost

Hey @SLdragon, have you tried specifying the tenant in the authority property in the config object? This should allow you to use the provider with a single tenant application.

nmetulev avatar Nov 09 '21 17:11 nmetulev

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

ghost avatar Nov 13 '21 18:11 ghost

Thanks for your feedback, however from TeamsMsal2Config, I didn't find authority property, where can I find it?

export interface TeamsMsal2Config {
  clientId: string;
  authPopupUrl: string; // see below for creating the popup page
  scopes?: string[];
  msalOptions?: Configuration;
  ssoUrl?: string; // ex: '/api/token',
  autoConsent?: boolean,
  httpMethod: HttpMethod; //ex HttpMethod.POST
}

SLdragon avatar Nov 15 '21 02:11 SLdragon

I see. One way to do it is to add the authority as part of the msalOptions configuration, but I know that is probably not the most ergonomic approach.

Do you want to help us add an authority property to the TeamsMsal2Config object to make this a bit easier?

nmetulev avatar Nov 19 '21 00:11 nmetulev

Oh, yes, that will be great if you have authority property in the TeamsMsal2Config object, thank you! I am not very familiar with your code, and where can I start?

SLdragon avatar Nov 19 '21 02:11 SLdragon

Helping with this one for you @SLdragon. The best place to start would be here : https://github.com/microsoftgraph/microsoft-graph-toolkit/blob/main/packages/providers/mgt-teams-msal2-provider/src/TeamsMsal2Provider.ts#L94

If defined, it could be merged with the MSAL Config here : https://github.com/microsoftgraph/microsoft-graph-toolkit/blob/main/packages/providers/mgt-teams-msal2-provider/src/TeamsMsal2Provider.ts#L305

That would be absolutely useful, especially in TeamsFx scenarios! Please let us know! Something similar could be achieved also for the TeamsFx provider!

sebastienlevert avatar Feb 17 '22 19:02 sebastienlevert

Closing this at the TeamsMSAL2 provider is deprecated

gavinbarron avatar Jul 20 '23 01:07 gavinbarron