OfficeDev / TeamsFx

Developer tools for building Teams apps

Multitenant setup with multiplexer "common" for authentication #3101

Open eosseylecko opened 2 years ago

eosseylecko commented 2 years ago

I developed a Tab Teams application in Typescript with the architecture provided by the Microsoft Teams Toolkit.

I used the backend service "Simple Auth" for user authentication, and I converted the Azure application and changed the app service configuration to multi-tenant so that the issuer "http://login.microsoftonline.com/common/v2.0" is valid. But after several tests, the issuer that I test during the validation "/auth/token" always remains the same, "https://login.microsoftonline.com/{aad-tenant-id}", and I get the error:

Bearer error="invalid_token", error_description="The issuer 'https://login.microsoftonline.com/d5d99b8a-61b5-40bd-975a-923eca104608/v2.0' is invalid"

I don't know how to modify the "TeamsFxSimpleAuth" service to validate the issuer of different tenants with the service so that it uses the "common" multiplexer rather than the tenant's {aad-tenant-id}.

Is there a doc or solution to configure authentication with Microsoft.TeamsFx.SimpleAuth in multi-tenant so that the issuer returned during the validation of token?

OAUTH_AUTHORITY

https://login.microsoftonline.com/{aad-tenant-id} -> https://login.microsoftonline.com/common

AAD_METADATA_ADDRESS

https://login.microsoftonline.com/{aad-tenant-id}/v2.0/.well-known/openid-configuration -> https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
ghost commented 2 years ago

Thank you for contacting us! Any issue or feedback from you is quite important to us. We will do our best to fully respond to your issue as soon as possible. Sometimes additional investigations may be needed, we will usually get back to you within 2 days by adding comments to this issue. Please stay tuned.

KennethBWSong commented 2 years ago

Hi @eosseylecko, thank you for your feedback! Our toolkit does not support multi-tenant Azure AD apps, but there is a workaround by using CDN. Please follow the steps below:

  1. Update line 46-48 in "tabs/public/auth-start.html" by replacing "${context.tid}" with "common"
  2. Use CDN in TeamsFx according to this document

Please have a try to see whether the following steps can help you. Thanks a lot!

eosseylecko commented 2 years ago

Hi @KennethBWSong, thank you for your reactivity!

I followed the instructions on a new application to use the workaround with CDN but I still couldn't use the toolkit for multi-tenant use.

  1. Update line 46-48 in "tabs/public/auth-start.html" by replacing "${context.tid}" with "common"
  2. Create an endpoint on Azure CDN for static website
  3. Redeployed application with Teams Toolkit (provision in the cloud/deploy to the cloud) and changed the types of supported accounts
  4. Update env.default.json with CDN endpoint and domain

But I always get the same authentication error, I don't know what I did wrong.


timClyburn commented 2 years ago

@KennethBWSong any further info on this? I am also experiencing the same problem (although using the organizations auth url: https://login.microsoftonline.com/organizations/). I have changed the line as advised in the auth-start.html file and have also set the fx-resource-aad-app-for-teams.tenantId value to be 'organizations' for the simple-auth service. Looking at the code for the auth service I can't see a way to disable issuer validation, or to configure valid issuers.

KennethBWSong commented 2 years ago

Hi @eosseylecko and @timClyburn, sorry for the late reply. As mentioned above, multi-tenant Azure AD app is not officially supported. As for the workaround, we found that the Simple Auth Service also needs to be updated. Please follow the steps below.

  1. Follow the reply here.
  2. Open states/state.${env}.json file and find "endpoint" under "fx-resource-simple-auth", you can get the endpoint of your simple auth server. Note: If you are working on a previous project, you need to open env.default.json file.
  3. Clone the Simple Auth from here.
  4. Update [this line](https://github.com/OfficeDev/TeamsFx/blob/6953e053701a65a7545c9496188aaecb9e776266/packages/simpleauth/src/TeamsFxSimpleAuth/SimpleAuthWebApiExtension.cs#L46) from true to false.
  5. Publish the code to your simple auth server according to the [tutorial](https://docs.microsoft.com/en-us/aspnet/core/tutorials/publish-to-azure-webapp-using-vscode?view=aspnetcore-6.0#publish-to-azure-app-service)
  6. Go to Azure portal and find your simple auth server, open configuration. Replace your tenant id with common in "AAD_METADATA_ADDRESS", and make sure the tab endpoint is replaced with your CDN endpoint. Save the changes.

Please have a try to see whether the following steps can help you. Thanks a lot!
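Step 4 above switches the flag at the linked line from true to false, which turns issuer validation off for the Simple Auth service. The following is an added example, written in TypeScript to match the tab project and not code from this thread, TeamsFx or the Simple Auth service, of how a multi-tenant issuer check can be kept on instead: the token's own `tid` claim is substituted into the v2.0 issuer template, so a token from any tenant is accepted as long as its issuer agrees with its tenant, and an optional allow-list (`allowedTenants`, a hypothetical parameter) restricts which tenants may sign in at all. The tenant GUIDs in the sample claims are constructed; signature, audience and expiry checks are assumed to be done by the JWT library before this runs.

```typescript
// Added example (not TeamsFx / Simple Auth code): validate the `iss` claim of a
// multi-tenant Azure AD v2.0 token by substituting the token's own `tid` claim
// into the issuer template, instead of disabling issuer validation.
// Assumption: v2.0 tokens carry iss = https://login.microsoftonline.com/{tid}/v2.0.

const ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tenantid}/v2.0";
// Tenant ids in issued tokens are GUIDs; "common" / "organizations" only ever
// appear in authority URLs, never in a token.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

interface TokenClaims {
  iss?: string;
  tid?: string;
  [claim: string]: unknown;
}

interface IssuerCheck {
  ok: boolean;
  reason: string;
}

// Issuer a token from tenant `tenantId` is expected to carry.
function expectedIssuerFor(tenantId: string): string {
  return ISSUER_TEMPLATE.replace("{tenantid}", tenantId);
}

// Returns ok=true only when `tid` is a real tenant GUID, `iss` equals the
// template with that `tid` substituted, and (if given) `tid` is on the
// hypothetical `allowedTenants` list. Omit the list to accept any tenant.
function validateMultiTenantIssuer(
  claims: TokenClaims,
  allowedTenants?: readonly string[],
): IssuerCheck {
  const { tid, iss } = claims;
  if (typeof tid !== "string" || !GUID_RE.test(tid)) {
    return { ok: false, reason: "tid claim missing or not a tenant GUID" };
  }
  if (typeof iss !== "string") {
    return { ok: false, reason: "iss claim missing" };
  }
  const expected = expectedIssuerFor(tid);
  if (iss !== expected) {
    return { ok: false, reason: `issuer '${iss}' does not match '${expected}'` };
  }
  if (
    allowedTenants &&
    !allowedTenants.some((t) => t.toLowerCase() === tid.toLowerCase())
  ) {
    return { ok: false, reason: `tenant ${tid} is not on the allow-list` };
  }
  return { ok: true, reason: "issuer matches token tenant" };
}

// Constructed sample claims; the GUIDs are placeholders, not real tenants.
const SAMPLE_OK: TokenClaims = {
  iss: "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
  tid: "11111111-2222-3333-4444-555555555555",
};
// Issuer and tid disagree: must be rejected even though both look well-formed.
const SAMPLE_MISMATCH: TokenClaims = {
  iss: "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
  tid: "99999999-8888-7777-6666-555555555555",
};
// The "common" multiplexer is an authority, not an issuer: must be rejected.
const SAMPLE_COMMON: TokenClaims = {
  iss: "https://login.microsoftonline.com/common/v2.0",
  tid: "common",
};

console.log(validateMultiTenantIssuer(SAMPLE_OK)); // ok: true
console.log(validateMultiTenantIssuer(SAMPLE_MISMATCH)); // ok: false
console.log(validateMultiTenantIssuer(SAMPLE_COMMON)); // ok: false
```

The comparison against the template is what replaces a fixed issuer string: with the authority set to common, every tenant issues tokens with its own GUID in the issuer, so comparing to one configured value can never succeed, while comparing to "common" would match nothing a real token contains. The allow-list is where an app that does not actually want every Azure AD tenant to sign in makes that decision.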

timClyburn commented 2 years ago

@KennethBWSong, excellent, thank you. This works as expected now.

StefanSchulzeITP commented 2 years ago

Hi @KennethBWSong, hopefully you can help me, too.

We are developing a multi-tenant app by using TeamsFX Toolkit. We know that this is currently not officially supported...

We also get a 401 error while trying to authenticate.

  1. We created the app "HELLO-WORLD-TAB" in Visual Studio Code with the current TeamsFX Toolkit and TypeScript
  2. Deployed the app to Azure
  3. Created a CDN with an endpoint "example.azureedge.net" pointing to a static website in Blob Storage
  4. Changed the endpoint URL in ".fx/states/state.{env}.json" "fx-resource-frontend-hosting" to "example.azureedge.net"
  5. Changed the URL in tabs/public/auth-start.html from tenantID to common

After deployment we checked and updated the following settings:

  1. Authentication in App Registration
     a. Checked Redirect-URI is: example.azureedge.net/auth-end.html
     b. Activated: Accounts in any organizational directory
     c. Activated "Access tokens" & "ID tokens"
  2. Expose an API in App Registration
     a. Checked the API is "api//example.azureedge.net/[unique_clientId]"
     b. Checked Scope is "access_as_user"
  3. Configuration in App Service
     a. AAD_METADATA_ADDRESS is https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
     b. IDENTIFIER_URI is "api//example.azureedge.net/[unique_clientId]"
     c. OAUTH_AUTHORITY is "https://login.microsoftonline.com/common" | Also tested it with "https://login.microsoftonline.com/[hosting_tenantID]"
     d. TAB_APP_ENDPOINT is https://example.azureedge.net

When we try to log in from various tenants, the company application gets installed, but during authentication we get a 401 error.

The single-tenant solution works as expected but the multi-tenant solution doesn't. We are currently stuck in the publishing process to the Teams store until we can fix this issue.

Thank you for support :-)

KennethBWSong commented 2 years ago

Hi @StefanSchulzeITP sorry for late reply and thank you for your feedback! Seems you have not updated the simple auth service. Can you check whether you have followed step 4-5 in this reply?

StefanSchulzeITP commented 2 years ago

Hi @KennethBWSong, thanks for your reply. Yes, we didn't update the Auth Service yet. The reason is a misunderstanding on our side, and hopefully you can advise us a bit more.

Our project is running in TypeScript and the link to the service (LINK) is in C#. How and where should we update the service? In Visual Studio Code our project looks like:

KennethBWSong commented 2 years ago

Hi @StefanSchulzeITP, thank you for your feedback. We are now using simple auth as a backend service for TeamsFx Tab projects for authorization, and it is designed to support only single-tenant Teams apps. TeamsFx will by default create the simple auth server with the "simpleauth" suffix in your resource group, and the TeamsFx SDK will call the simple auth service to get tokens. To support multi-tenant Teams apps, you need to follow the steps below (as described here):

  1. Clone the source code of simple auth server
  2. Update this line from true to false.
  3. You can find the endpoint of the simple auth server by opening the states/state.${env}.json file and finding "endpoint" under "fx-resource-simple-auth". Publish the code to your simple auth server according to the tutorial.

Please have a try to see whether the following steps can help you. Thanks a lot!

ghost commented 2 years ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

KonstantinAbragams commented 2 years ago

Hi @KennethBWSong, we had the same issue regarding multi-tenant-support and we followed your instructions from this post. This worked well for us, so thank you for that. But now we have a similar problem with azure functions within the same project. We created a new azure function with Teams Toolkit and made adjustments to the configuration:

Only after making these configuration changes were we able to call the function from the Teams tab, but now we run into an error at this line:

Can you help us with this problem?

Thank you in advance, Konstantin

KennethBWSong commented 2 years ago

Hi @KonstantinAbragams, thank you for your feedback. I can repro this error and am investigating how to solve this, and will reach you asap.

KennethBWSong commented 2 years ago

Hi @KonstantinAbragams, sorry for the late reply. After investigation, we found that you can simply update the function config by:

  1. Go to Azure portal and find your function app, open configuration. Replace your tenant id with common in "M365_TENANT_ID".

After this step, the function should work well. Please have a try to see whether the following steps can help you. Thanks a lot!

ghost commented 2 years ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

K0iram commented 1 year ago

Hi, I'm having a similar issue. I have followed the steps here but it doesn't seem like my Teams toolkit has the simple-auth package as a dependency. I was wondering if there are any updated instructions on how to allow multi-tenant for a Teams Toolkit app.

KennethBWSong commented 1 year ago

@mario7746 Thank you for using our toolkit. Since we are using the auth code flow for authentication now, the latest projects created by Teams Toolkit will not contain the simple auth service. Now you can refer to this for multi-tenant apps.

K0iram commented 1 year ago

@KennethBWSong Thanks for pointing me to that doc! I followed the steps and now I'm getting the following

OutOfRangeInput: One of the request inputs is out of range

Have you seen this error before?

KennethBWSong commented 1 year ago

@mario7746 Can you share in which step you get this error and the detailed error info with us?

ghost commented 1 year ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. As it is labeled with feature-request, it will be manually handled