What are expected error in sso and how to mitigate them

[abdulkareemnalband]

We are getting following error with SSO with our multi tenant application

1. tokenRevoked
2. renewalTimeout
3. unknownAuthError

Where can i find documentation for above and try to mitigate them

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 52221dd3-95ec-96b9-1da8-9478527c2602
• Version Independent ID: 32e9c2d8-733d-0865-2ea3-727d8684a10d
• Content: Single sign-on support for tabs - Teams
• Content Source: msteams-platform/tabs/how-to/authentication/auth-aad-sso.md
• Product: msteams
• GitHub Login: @laujan
• Microsoft Alias: lajanuar

[ghost]

Hi abdulkareemnalband! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies.

Best regards, Teams Platform

[marwalsch]

As for the renewalTimeout you might want to check Issue #532 of the Teams SDK. It appears this is an issue on the Teams client's site which can be avoided by re-install. Has the getAuthToken() API worked for you before or are you experiencing the issue on random occasions?

[Sridevi-MSFT]

@abdulkareemnalband, Thanks for brining up this issue, Taking this for internal discussion with team and will update you.

[abdulkareemnalband]

@marwalsch getAuthToken() is working for us

Above are some error we caught in our analytics where some customers are getting it

[Sridevi-MSFT]

@abdulkareemnalband , Have you gone through this documentation.

[abdulkareemnalband]

@Sridevi-MSFT that page does not mention anything about erros

[dmcweeney]

It is still happening for us randomly - restarting Teams seems to be the only reliable solution. It would be nice to have some debugging steps outlined to help trace the source of the problem,

[ascott18]

ssoAcquireTokenRenewFailed is an error that we've seen happen if the user hasn't used the app before and has to be prompted for consent. If the user clicks "cancel" on the popup request for OAuth permissions that appears, this is the error that failureCallback is called with.

[abdulkareemnalband]

@ascott18 thanks

[ascott18]

Have you gone through this documentation.

@Sridevi-MSFT the docs you linked are for LinkedIn and do nothing more than describe the very basic workings of OAuth2. How is this in any way applicable to Teams SSO?

[Nikitha-MSFT]

Are you running fiddler in the back-end? Could you please conform?

[abdulkareemnalband]

No fiddler, proxy or vpn I'm running it on directly

[Nikitha-MSFT]

The renewalTimeout error is returned from our auth stack. could you please share some Teams logs showing this error being returned so we can investigate further. Also, we have noticed that WAM and Fiddler don’t get along so when you’re running Fiddled the getAuthToken calls fail with renewalTimeout error

[ghost]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 3 days. It will be closed if no further activity occurs within 3 days of this comment.

[ascott18]

@Nikitha-MSFT @Sridevi-MSFT Why is this closed? The original question about what the different errors from SSO are and how they should be handled by developers has not been answered.

[ghost]

Hi abdulkareemnalband! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies.

Best regards, Teams Platform

[ghost]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 3 days. It will be closed if no further activity occurs within 3 days of this comment.

[ascott18]

@Nikitha-MSFT @Sridevi-MSFT Sorry, still not resolved. Might want to remove the needs-author-feedback so the bot doesn't close it again.

[ghost]

Hi abdulkareemnalband! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies.

Best regards, Teams Platform

[Githamza]

ssoAcquireTokenRenewFailed is an error that we've seen happen if the user hasn't used the app before and has to be prompted for consent. If the user clicks "cancel" on the popup request for OAuth permissions that appears, this is the error that failureCallback is called with.

I get the same error , How have you made to resolve it ?

[PodgeHeavin]

What causes the tokenRevoked error. Causing issues in our tab application for teams

[ChetanSharma-msft]

We have informed engineering team on this issue and they are checking on it.

[ChetanSharma-msft]

@surbhigupta12 - Could you please help us to update the contents like below: tokenRevoked: Token has expired and need to renew it. renewalTimeout: Token has expired and can not renew it, so needs to generate a new token.

Thanks!!

[tiennguyen1293]

I'm facing with issue unknownAuthError.

[ChetanSharma-msft]

@tiennguyen1293 - Thanks for reporting this issue. Can you please share the repro steps or minimal code, so that we can try it from our end?

[tiennguyen1293]

@ChetanSharma-msft, I have registered the Teams App on Azure Portal exactly as the DOC steps mentioned.

https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/tab-sso-overview

Then I configure the Teams App as below

and code

    microsoftTeams.initialize()
    microsoftTeams.authentication.getAuthToken({
      successCallback: function (response) {
        console.log('=== successCallback', response)
        failureCallback()
      },
      failureCallback: function (reason) {
        console.log('=== failureCallback', reason)
        failureCallback()
      },
    })

and then response error