OfficeDev / TeamsFx

Developer tools for building Teams apps

Teamsfx cli bootstrap SPFX project that does not pass Marketplace validation #9241

Closed stevebeauge closed 9 months ago

stevebeauge commented 10 months ago

Describe the bug

We are building a product which should be published to the Teams Marketplace. Our product is built using SPFX.

The validation team did not validate the submission because of the validDomains attribute in the manifest.

The bootstrapped manifest contains:

    "validDomains": [
        "*.login.microsoftonline.com",
        "*.sharepoint.com",
        "*.sharepoint-df.com",
        "spoppe-a.akamaihd.net",
        "spoprod-a.akamaihd.net",
        "resourceseng.blob.core.windows.net",
        "msft.spoppe.com"
    ],

We added a new entry that targets https://somebot.azurewebsites.net because our application has a compose extension and requires a bot to receive and transform submissions.

The marketplace validation team raised an issue regarding this config:

> We will not allow any apps to include *.sharepoint.com in their validDomains since that's a huge security risk and also doesn't work for tenants that have SharePoint vanity domains.

Ref : https://learn.microsoft.com/en-us/legal/marketplace/certification-policies#1140.3.3.1

They asked us to use exclusively {teamSiteDomain} and our custom bot hosting.

If we follow the requirement, the application does not work anymore. It seems that "*.sharepoint.com" is required to have the compose extension working.

Please provide official guidelines regarding SPFX based apps that could be submitted in the marketplace. From our perspective, there's something missing, either technically (should work) or declaratively (functional sample should be provided).

To Reproduce

Bootstrap any SPFX project using teamsfx new.

Submit the app following official guidance.

Expected behavior

SPFX based apps should be publishable. Requirements and restrictions should be documented somewhere explicitly (not found any documentation regarding validDomains for SPFX projects).


ghost commented 10 months ago

Thank you for contacting us! Any issue or feedback from you is quite important to us. We will do our best to fully respond to your issue as soon as possible. Sometimes additional investigations may be needed, we will usually get back to you within 2 days by adding comments to this issue. Please stay tuned.

HuihuiWu-Microsoft commented 10 months ago

Hi @stevebeauge, thanks for your feedback! I checked the doc you shared and also found official doc pointing out that *.microsoft.com is not allowed: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/appsource/prepare/teams-store-validation-guidelines#external-domains. Seems this part of content was updated at end of last year. We're constructing the template aligning with SPFx. On their side, *.microsoft.com is still in official doc https://learn.microsoft.com/en-us/sharepoint/dev/spfx/build-for-teams-meeting-app#create-the-microsoft-teams-app-manifest. I'll try and double confirm whether this is necessary. Also will update with SPFx side later. In the meanwhile, maybe you can also raise the question to marketplace validation team to see whether they have the context of better practice to avoid your problem.

stevebeauge commented 10 months ago

Thanks for your feedback.

> In the meanwhile, maybe you can also raise the question to marketplace validation team to see whether they have the context of better practice to avoid your problem.

They asked us to raise issues, because it seems to be out of their scope. We'll share feedback with the validation team because the submission is blocked by this gray area.

HuihuiWu-Microsoft commented 10 months ago

Hi @stevebeauge, although SPFx projects with compose extension are out of our scope (Teams Toolkit only supports SPFx solutions with a web part component exposed as a Teams tab or personal app so far), I spent some effort trying to help you resolve the problem.

I created a SPFx project with compose extension in which the web part is exposed as taskInfo.url. Then I provisioned and deployed the app. After I sideload it in Teams, it works well even if I replace *.sharepoint.com with {teamSiteDomain} in the validDomains field. So I think the requirement from marketplace team is valid. Can you help double confirm whether it works for you if you change to {teamSiteDomain}?

stevebeauge commented 10 months ago

Hello @HuihuiWu-Microsoft. Thanks for your feedback.

I checked again. What I observe is that the error appears on some apps. I have apps where validDomains set to {teamSiteDomain} is enough. Other apps where it is not (even if I swap the componentId from working package to not working package). The latter issue can be worked around by adding *.sharepoint.com in valid domains.

This is puzzling me, I spent hours trying to figure out what's different between working and not working apps.

stevebeauge commented 10 months ago

OK, I finally managed to spot what is different between working and non-working apps.

If the manifest contains the compose extension AND at least one staticTab or configurableTab, it is working ✅

If there's no staticTab or configurableTab at all, it is not working 🟥

(assuming in both cases that the tabs are pointing to something under https://{teamSiteDomain}).

My analysis is that MS Teams is internally building a list of dynamically whitelisted domains (resolving the {teamSiteDomain}) only for specific nodes in the manifest (staticTabs and configurableTabs, not composeExtension's task url).

Understanding this difference makes the repro easy. Simply remove any staticTab or configurableTab and keep only composeExtension in the manifest, and it will start to fail.

When *.sharepoint.com is in the validDomains the error does not appear because the actual url is whitelisted through the wildcard.

For convenience, I updated my repro repository.

I also attached the two resulting manifests:

notworking.zip working.zip

HuihuiWu-Microsoft commented 10 months ago

@stevebeauge That's quite weird since in my testing I'm not including any staticTab or configurableTab. I attached the testing manifest.json I'm using.

I'm not sure whether any other fields are having effects on the result. I see the issue you opened to Teams side. Maybe they can provide more information.

manifest.dev.zip

stevebeauge commented 10 months ago

The issue I opened on Teams side (if you are talking about https://github.com/OfficeDev/microsoft-teams-library-js/issues/1830) is related to an issue with the Android and iOS versions of Teams that are not loading compose extension at all. This is not related to the validDomains issue.

The original statement of the issue, which mentions that a bootstrapped project does not pass marketplace validation, is still accurate and present, even if we consider the issue with {teamSiteDomain} apart.

If you believe this should lead to a dedicated issue, let me know in which repo I should post the issue (quite confusing where to submit issues when SPFX, TeamsJS and TeamsFx are used in the project).

HuihuiWu-Microsoft commented 10 months ago

Hi @stevebeauge, I see you mentioned the validDomains issue in the one on SPFx side https://github.com/SharePoint/sp-dev-docs/issues/9018. Since the project you provided is actually a SPFx solution instead of a TeamsFx project, that should be more accurate to track this issue.

Again, from my testing I think the suggestion from marketplace team is valid to fix this original issue that a bootstrapped project does not pass marketplace validation:

  1. In my own testing, if I have composeExtension in manifest without staticTab or configurableTab, the SPFx solution works well.
  2. I also tried the notworking version of manifest you provided. With changing validDomains to following value, everything works well:

         "{teamSiteDomain}",
         "*.login.microsoftonline.com",
         "*.sharepoint-df.com",
         "spoppe-a.akamaihd.net",
         "spoprod-a.akamaihd.net",
         "resourceseng.blob.core.windows.net",
         "msft.spoppe.com"

So I guess the fix of this issue is just to change *.sharepoint.com to {teamSiteDomain} in validDomains field to pass marketplace validation. Besides, SPFx side and our side should also update the template.
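
The validDomains change discussed in this thread can be checked before submission. The following is an added example, not code from TeamsFx, SPFx or any participant in this issue: it flags wildcard entries over domains shared by many tenants and shows why `{teamSiteDomain}` is narrower than `*.sharepoint.com`. The shared-suffix list, the one-label wildcard matcher and the `contoso` names are assumptions made for illustration.

```javascript
// Added example: audit validDomains in a Teams manifest (not TeamsFx code).
// Assumption: illustrative list of suffixes shared by many tenants/customers,
// not the marketplace's actual rule set.
const SHARED_SUFFIXES = ["sharepoint.com", "azurewebsites.net"];

// Simplified matcher (assumption, not Teams' own): "*" matches one DNS label.
function matches(pattern, host) {
  const p = pattern.toLowerCase().split(".");
  const h = host.toLowerCase().split(".");
  return p.length === h.length && p.every((label, i) => label === "*" || label === h[i]);
}

// Resolve the {teamSiteDomain} placeholder for one tenant, then test a host.
function hostAllowed(host, validDomains, teamSiteDomain) {
  return validDomains
    .map((d) => d.replace("{teamSiteDomain}", teamSiteDomain))
    .some((d) => matches(d, host));
}

// Report wildcard entries whose fixed part is a shared suffix.
function auditValidDomains(manifest) {
  const findings = [];
  for (const entry of manifest.validDomains || []) {
    if (!entry.includes("*")) continue;
    const fixed = entry.toLowerCase().split(".").filter((l) => l !== "*").join(".");
    if (SHARED_SUFFIXES.includes(fixed)) {
      findings.push({ entry, reason: `wildcard over shared domain ${fixed}` });
    }
  }
  return findings;
}

// Constructed sample manifests: bootstrapped-style list vs. the corrected one.
const bootstrapped = {
  validDomains: ["*.login.microsoftonline.com", "*.sharepoint.com", "somebot.azurewebsites.net"],
};
const corrected = {
  validDomains: ["*.login.microsoftonline.com", "{teamSiteDomain}", "somebot.azurewebsites.net"],
};

console.log(auditValidDomains(bootstrapped)); // one finding: "*.sharepoint.com"
// Another tenant's site is covered by the wildcard but not by the placeholder.
console.log(hostAllowed("othertenant.sharepoint.com", bootstrapped.validDomains, "contoso.sharepoint.com"));
console.log(hostAllowed("othertenant.sharepoint.com", corrected.validDomains, "contoso.sharepoint.com"));
```

The same matcher also shows the vanity-domain point from the validation team's reply: a tenant whose site is `intranet.contoso.example` is not covered by `*.sharepoint.com`, but is covered once `{teamSiteDomain}` resolves to that host.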

HuihuiWu-Microsoft commented 9 months ago

Hi @stevebeauge, as SPFx side mentioned at https://github.com/SharePoint/sp-dev-docs/issues/9018#issuecomment-1642073302, it's not a valid scenario as of now. So at least for now, we'll keep our template as it is to align with SPFx side. If you have more questions, I think it's more accurate to raise issue there (at SharePoint/sp-dev-docs repo).

ghost commented 9 months ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

stevebeauge commented 9 months ago

Hello,

There's still the issue related to non-working compose extension if there's no static tab (https://github.com/OfficeDev/TeamsFx/issues/9241#issuecomment-1634187050).

What should I do with this remaining issue?

thx

HuihuiWu-Microsoft commented 9 months ago

Hi @stevebeauge, as SPFx team mentioned (https://github.com/SharePoint/sp-dev-docs/issues/9018#issuecomment-1642073302), this is not a valid scenario. But for now, you can still publish to marketplace if you follow the suggestion from marketplace team since it works as I mentioned (https://github.com/OfficeDev/TeamsFx/issues/9241#issuecomment-1639568619), also verified by SPFx team (https://github.com/SharePoint/sp-dev-docs/issues/9018#issuecomment-1643836156). So we should close this issue if you don't have more questions.