Blazorade / Blazorade-Teams

A Blazor component library that is designed to be used when building applications for Microsoft Teams.
MIT License

Single Sign-on #24

Open HeinA opened 3 years ago

HeinA commented 3 years ago

'ello

Could you make this work with Single Sign-on please?

Regards Hein

MikaBerglund commented 3 years ago

I assume you are talking about this: https://docs.microsoft.com/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso

The reason why I have not yet included that is because of the limitations regarding what permission scopes you can acquire a token for through the SSO authentication for Teams.

However, the workaround for internal applications (which is a very common scenario for developing Teams applications) using admin consent would probably enable you to get whatever permission scopes you need, not only permissions to call Microsoft Graph, but your custom API application as well.

So, I'll evaluate this a bit more and put it on the backlog.

Renevdo commented 2 years ago

SSO would be a great addition for Teams! MSAL redirect is not allowed in an IFrame, and a popup to log in to Teams, when already logged in, is not that user-friendly. How can we achieve this?

greg-dickie commented 2 years ago

Agreed, I would love to see this as well.

MikaBerglund commented 2 years ago

Hi guys and thank you for your comments!

I haven't had the time to do much work on Blazorade Teams for a while. I've also postponed development efforts on it because of the toolkit Microsoft has come out with. I'll have to look into that in more detail before I make any decisions on how to go forward with Blazorade Teams. You can read more about the Teams Toolkit and how to build Teams applications using it in this article.

When it comes to SSO, I completely agree with you. I guess I started building authentication support in Blazorade Teams using the wrong approach. I would say, and I hope you can agree, that the majority of Teams applications, at least the ones you would build using Blazorade Teams, are applications built for a single company. In such cases it would not be a problem to create a single-tenant Azure AD application registration and configure the Teams application to use that, so you would not have to use MSAL at all.

I hope I can have a look into the Teams Toolkit in the near future and decide where Blazorade Teams fits into the picture.

MikaBerglund commented 2 years ago

In fact, it was not the Teams Toolkit I was referring to, but TeamsFx, which you can read more about on GitHub.

greg-dickie commented 2 years ago

Thanks for responding Mika. I've looked at the TeamsFx and one of the problems that I have with it is that they aren't supporting multi-tenant and Blazorade Teams does that quite nicely. I have a tab application running using Blazorade Teams and it meets all of our needs except for SSO. In my case I'm not building an application for a single company unfortunately. We are creating a Teams app for our Cosmos Forms product and need to support multi-tenant for sure.

I totally understand though that given that TeamsFx is coming it may not make much sense for you to duplicate the effort that Microsoft is going through.