OfficeDev / microsoft-teams-library-js

JavaScript library for use by Microsoft Teams apps
https://docs.microsoft.com/microsoftteams/platform/

SSO getAuthToken fails in shared channel #1406

Open ParadoxSpiral opened 2 years ago

ParadoxSpiral commented 2 years ago

Using version 2.4.1 of the SDK.

The call to `microsoftTeams.authentication.getAuthToken` fails with `ExtensionTabService: getAuthTokenForApp: Failed with error - TokenMismatch` in a tab in a shared channel used by a user that is not part of the tenant the team is hosted in. Everything works normally for users that are part of the host tenant.

ghost commented 2 years ago

Hi ParadoxSpiral! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies.

Best regards, Teams Platform

sayali-MSFT commented 2 years ago

@ParadoxSpiral - Thanks for reporting your issue. We will investigate this issue and get back to you.

sayali-MSFT commented 2 years ago

@ParadoxSpiral - Only the users who are owners or members of the shared channel can access the channel. While guests (people with Azure Active Directory guest accounts in your organization) can't be added to a shared channel, you can invite people outside your organization to participate in a shared channel by using Azure AD B2B direct connect.

ParadoxSpiral commented 2 years ago

@sayali-MSFT That is the case, Azure B2B is configured and the external User is in the channel.

This is the channel (also notice the UI Bug where the company name is): image

The federated external "guest" is accessing the channel via their regular "Teams" tab: image

The error I pasted above only occurs for the user that tries to access the tab from within their "normal" Tenant.

ParadoxSpiral commented 2 years ago

In case you are interested I also found another UI Bug

https://user-images.githubusercontent.com/9111171/196723932-ed1c5959-b883-45fe-9190-edcc167697ed.mp4

sayali-MSFT commented 2 years ago

@ParadoxSpiral - Thanks for providing details. We are checking it internally and will let you know the updates.

sayali-MSFT commented 2 years ago

@ParadoxSpiral - We tried to repro the scenario. For a same-tenant user it's working fine, but for an external user we got the error. We are checking it internally and will let you know if we have any update.

Could you please provide the details below for investigation purposes:

  1. Teams Client logs collected after receiving the auth error.
  2. The name of the resource you are trying to get an access token for.

ParadoxSpiral commented 2 years ago

@sayali-MSFT

This is the log. I'm not familiar with these logs, so if you need anything else let me know.

Log

```
2022-10-27T09:13:34.520Z Inf ExtensionTabBase: Tab Notify Success: App id = 0de7b5e4-ebf4-46ee-8a96-6ad67e605b23, AppSessionId = 8b979fa6-b9d3-40fa-81e9-f4c36ea1d12d, AppLaunchId = 87de7e41-0e86-464d-b886-e21bd13eaab3
2022-10-27T09:13:34.520Z Inf [Scenario]ext_view_tabframework_appInitialization_content [step](3)stop (61ms/887ms)
2022-10-27T09:13:34.518Z Inf [Scenario]ext_get_auth_token_for_app [step](2)stop (0ms/1ms)
2022-10-27T09:13:34.518Z Err ExtensionTabService: getAuthTokenForApp: Failed with error - TokenMismatch
2022-10-27T09:13:34.518Z Inf [Scenario]mtma_token_mismatch_aad [step](1)stop (0ms/0ms)
2022-10-27T09:13:34.517Z Inf [Scenario]mtma_token_mismatch_aad start
2022-10-27T09:13:34.517Z Err Passive auth service discrepency
2022-10-27T09:13:34.517Z Inf AUTHSSO: No implementation for actionPostTokenPromise with notifying service due to passive Auth
2022-10-27T09:13:34.517Z Inf AUTHSSO: Return cached token for resource: api://5032-2a02-908-2056-ce60-4547-2521-9906-e4eb.eu.ngrok.io/3e734e70-4889-4075-99e5-d240994d91db, isPassive 3e9638b4-e59e-49ac-bd66-ab3b59d45ee5.
2022-10-27T09:13:34.517Z Inf AUTHSSO: Start acquiring Adal tokens for passive tenant: 3e9638b4-e59e-49ac-bd66-ab3b59d45ee5 -- resources: api://5032-2a02-908-2056-ce60-4547-2521-9906-e4eb.eu.ngrok.io/3e734e70-4889-4075-99e5-d240994d91db.
2022-10-27T09:13:34.517Z Inf ChannelAppsService: getSharedChannelUserAuthenticationInfo: oid 760de48a-f08a-43d7-9a40-988f8e08a5d3, userInfo.profile.tid:8fee1db2-0d4e-49e4-9fe3-f7b0701c155b, userInfo.profile.home_tid: undefined, threadTenantId: 3e9638b4-e59e-49ac-bd66-ab3b59d45ee5, channelId: 19:HzRjpAjCnqWmaiImgF2q6n25hhB6Cd3gaZDh4YUNCVw1@thread.tacv2.
2022-10-27T09:13:34.517Z Inf AUTHSSO: Successfully retrived logged in user from desktop app without id-token request.
2022-10-27T09:13:34.517Z Inf ChannelAppsService: getSharedChannelUserAuthenticationInfo: channelId: 19:HzRjpAjCnqWmaiImgF2q6n25hhB6Cd3gaZDh4YUNCVw1@thread.tacv2.
2022-10-27T09:13:34.517Z Inf [Scenario]ext_get_auth_token_for_app [step](1)validation_complete_making_token_request (1ms)
2022-10-27T09:13:34.517Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForTeam [step](1)stop (0ms/0ms)
2022-10-27T09:13:34.517Z Inf [Scenario]ext_apps_channelAppsService_getChannelInstalledApps [step](1)stop (0ms/0ms)
2022-10-27T09:13:34.517Z Inf [Scenario]ext_apps_channelAppsService_getChannelInstalledApps start
2022-10-27T09:13:34.517Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForTeam [step](1)stop (0ms/0ms)
2022-10-27T09:13:34.516Z Inf [Scenario]ext_apps_channelAppsService_getChannelInstalledApps [step](1)stop (0ms/0ms)
2022-10-27T09:13:34.516Z Inf [Scenario]ext_apps_channelAppsService_getChannelInstalledApps start
2022-10-27T09:13:34.516Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForTeam start
2022-10-27T09:13:34.516Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForTeam start
2022-10-27T09:13:34.516Z Inf conversationToChannel: 6 teams are in channelConversationAdapterService cache-c2
2022-10-27T09:13:34.516Z Inf conversationToChannel: 6 teams are in channelConversationAdapterService cache-c2
2022-10-27T09:13:34.516Z Inf [Scenario]ext_get_auth_token_for_app start
2022-10-27T09:13:34.515Z Inf [Scenario]ext_sdkHelper_created [step](4)ext_sdkHelper_apiInvoked (0ms)
2022-10-27T09:13:34.514Z Inf [Scenario]ext_sdkHelper_created [step](3)ext_sdkHelper_apiInvoked (160ms)
2022-10-27T09:13:34.478Z Inf AppManagementService: sendWebviewIdentity received - id: 8, pid: 22992
2022-10-27T09:13:34.460Z Inf [Scenario]ext_view_tabframework_appInitialization_content [step](2)iframe_on_load (108ms)
2022-10-27T09:13:34.460Z Inf [Scenario]ext_embedded_page_load [step](1)stop (831ms/831ms)
2022-10-27T09:13:34.459Z Inf embedded-page-container: Webview is loaded
2022-10-27T09:13:34.358Z Inf [Scenario]ext_get_tab_context [step](1)stop (2ms/2ms)
2022-10-27T09:13:34.358Z Inf ExtensionTabService: getTabContext: Succeeded
2022-10-27T09:13:34.358Z Inf conversationToChannel: 6 teams are in channelConversationAdapterService cache-c2
2022-10-27T09:13:34.358Z Inf AUTHSSO: Successfully retrived logged in user from desktop app without id-token request.
2022-10-27T09:13:34.358Z Inf [Scenario]documents_get_file_settings [step](5)stop (0ms/0ms)
2022-10-27T09:13:34.358Z Inf [Scenario]documents_get_file_settings [step](4)fileSettings-validation-complete (0ms)
2022-10-27T09:13:34.358Z Inf filesUtilityService: [getFilesSettings]fileSettings Validation complete
2022-10-27T09:13:34.358Z Inf filesUtilityService: [getFilesSettings]Starting fileSettings Validation
2022-10-27T09:13:34.358Z Inf [Scenario]documents_get_file_settings [step](3)starting-fileSettings-validation (0ms)
2022-10-27T09:13:34.358Z Inf [Scenario]documents_get_file_settings [step](2)userPreference-validation-complete (0ms)
2022-10-27T09:13:34.358Z Inf filesUtilityService: [getFilesSettings]UserPreference Validation complete
2022-10-27T09:13:34.358Z Inf filesUtilityService: [getFilesSettings]Starting UserPreference Validation
2022-10-27T09:13:34.358Z Inf [Scenario]documents_get_file_settings [step](1)starting-userPreference-validation (0ms)
2022-10-27T09:13:34.358Z Inf [Scenario]documents_get_file_settings start
2022-10-27T09:13:34.357Z Inf ExtensionTabService: Scenario = ext_get_tab_context, App id = 0de7b5e4-ebf4-46ee-8a96-6ad67e605b23, AppSessionId = 8b979fa6-b9d3-40fa-81e9-f4c36ea1d12d, AppLaunchId = 87de7e41-0e86-464d-b886-e21bd13eaab3
2022-10-27T09:13:34.357Z Inf [Scenario]ext_get_tab_context start
2022-10-27T09:13:34.355Z Inf [Scenario]ext_sdkHelper_created [step](2)ext_sdkHelper_apiInvoked (5ms)
2022-10-27T09:13:34.352Z Inf [Scenario]ext_load_tabinstance [step](4)handle_initialize_called (691ms)
2022-10-27T09:13:34.352Z Inf ExtensionTabBase: Tab Initialize: App id = 0de7b5e4-ebf4-46ee-8a96-6ad67e605b23, AppSessionId = 8b979fa6-b9d3-40fa-81e9-f4c36ea1d12d, AppLaunchId = 87de7e41-0e86-464d-b886-e21bd13eaab3
2022-10-27T09:13:34.352Z Inf [Scenario]ext_view_tabframework_appInitialization_content [step](1)on_initialize (718ms)
2022-10-27T09:13:34.352Z Inf [Scenario]ext_view_tabframework_ready_content [step](1)stop (718ms/718ms)
2022-10-27T09:13:34.350Z Inf [Scenario]ext_sdkHelper_created [step](1)ext_sdkHelper_apiInvoked (0ms)
2022-10-27T09:13:34.350Z Inf [Scenario]ext_sdkHelper_created start
2022-10-27T09:13:33.840Z War HTTP request DM putTeamSmtpAddress PUT failed: PUT "https://teams.microsoft.com/api/mt/emea/beta/teams/19:MTtZ5gOy8l2i8pJd2q33oijM048OZj9kPtSZ-Vd_ECo1@thread.tacv2/teamSmtpAddress", status: 403, response: {"errorCode":"Forbidden"}, errorCode: Forbidden, requestId: undefined, correlationId: undefined, afdCorrelationId: Ref A: 22276865795F49DFB292D73E4A8260DC Ref B: FRAEDGE1907 Ref C: 2022-10-27T09:13:31Z, serverRequestId: 22276865795F49DFB292D73E4A8260DC
2022-10-27T09:13:33.729Z Inf [Scenario]onboarding_engagement_surfaces_handleTriggerFire [step](1)stop (6ms/6ms)
2022-10-27T09:13:33.729Z Inf [Scenario]onboarding_engagement_surfaces_handleTriggerFire [step](1)stop (18ms/18ms)
2022-10-27T09:13:33.722Z Inf [Scenario]onboarding_engagement_surfaces_handleTriggerFire start
2022-10-27T09:13:33.722Z Inf App Installation status: false
2022-10-27T09:13:33.719Z Inf App Installation status: false
2022-10-27T09:13:33.710Z Inf [Scenario]onboarding_engagement_surfaces_handleTriggerFire start
2022-10-27T09:13:33.709Z Inf App Installation status: false
2022-10-27T09:13:33.706Z Inf App Installation status: false
2022-10-27T09:13:33.669Z Inf [Scenario]ext_before_unload_tabinstance [step](2)stop (57ms/58ms)
2022-10-27T09:13:33.669Z Inf AppManagementService: unloaded: Setting unloaded for app: [3ed5b337-c2c9-4d5d-b7b4-84ff09a8fc1c, undefined, FileBrowserTabApp].
2022-10-27T09:13:33.662Z Err Unhandled exception. TypeError: Cannot read properties of null (reading 'appDefinition'), cause: , stack: {anonymous}()@https://statics.teams.cdn.office.net/hashed/3.2-app.min-967c0de.js:1:9273328 > f@https://statics.teams.cdn.office.net/hashed/0.2-angular-jquery.min-14969ec.js:127:509 > {anonymous}()@https://statics.teams.cdn.office.net/hashed/0.2-angular-jquery.min-14969ec.js:128:219 > {anonymous}() (m.)$eval@https://statics.teams.cdn.office.net/hashed/0.2-angular-jquery.min-14969ec.js:142:512 > {anonymou...
2022-10-27T09:13:33.662Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForUser [step](1)stop (2ms/2ms)
2022-10-27T09:13:33.661Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForTeam [step](1)stop (1ms/1ms)
2022-10-27T09:13:33.661Z Inf [Scenario]ext_apps_channelAppsService_getChannelInstalledApps [step](1)stop (0ms/0ms)
2022-10-27T09:13:33.661Z Inf [Scenario]ext_apps_channelAppsService_getChannelInstalledApps start
2022-10-27T09:13:33.661Z Inf AppsService: getUserAppEntitlementsOptimized - using in memory cached entitlements
2022-10-27T09:13:33.661Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForTeam [step](1)stop (0ms/0ms)
2022-10-27T09:13:33.661Z Inf [Scenario]ext_apps_channelAppsService_getChannelInstalledApps [step](1)stop (0ms/0ms)
2022-10-27T09:13:33.660Z Inf [Scenario]ext_apps_channelAppsService_getChannelInstalledApps start
2022-10-27T09:13:33.660Z Inf conversationToChannel: 6 teams are in channelConversationAdapterService cache-c2
2022-10-27T09:13:33.660Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForTeam start
2022-10-27T09:13:33.660Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForTeam start
2022-10-27T09:13:33.660Z Inf [Scenario]ext_load_tabinstance [step](3)embedded_content_helper_instantiated (27ms)
2022-10-27T09:13:33.660Z Inf embedded-page-container: Instanting the helper for container
2022-10-27T09:13:33.660Z Inf embedded-page-container: URL is set; navigating iframe/webview
2022-10-27T09:13:33.660Z Inf embedded-page-container: initializeAfterViewCreation loading url https://5032-2a02-908-2056-ce60-4547-2521-9906-e4eb.eu.ngrok.io/?inTeams=true
2022-10-27T09:13:33.660Z Inf [Scenario]ext_apps_appsService_getInstalledAppsForUser start
```

This is the resource as configured in the App Manifest, with the display name "bnear-local-js" configured in Azure:

Manifest

```json
"webApplicationInfo": {
  "id": "3e734e70-4889-4075-99e5-d240994d91db",
  "resource": "api://5032-2a02-908-2056-ce60-4547-2521-9906-e4eb.eu.ngrok.io/3e734e70-4889-4075-99e5-d240994d91db"
}
```

Note that this is my development instance which is not always available as it runs on my PC. If you need access we can figure something out.
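
Added example, not part of the original thread, the SDK or the Teams client: a small triage helper that pulls the user tenant, the channel's thread tenant and the `getAuthTokenForApp` error out of a pasted client log, so the cross-tenant condition described in the report can be confirmed from the log itself. The function names are hypothetical; the sample entries are copied from the log above.

```javascript
// Added triage helper (hypothetical names; not SDK or Teams client code).
// Sample entries are copied from the log in this comment and joined with
// spaces to mimic how a client log looks when pasted as one run of text.
const SAMPLE_LOG = [
  "2022-10-27T09:13:34.518Z Err ExtensionTabService: getAuthTokenForApp: Failed with error - TokenMismatch",
  "2022-10-27T09:13:34.517Z Err Passive auth service discrepency",
  "2022-10-27T09:13:34.517Z Inf ChannelAppsService: getSharedChannelUserAuthenticationInfo: " +
    "oid 760de48a-f08a-43d7-9a40-988f8e08a5d3, " +
    "userInfo.profile.tid:8fee1db2-0d4e-49e4-9fe3-f7b0701c155b, " +
    "userInfo.profile.home_tid: undefined, " +
    "threadTenantId: 3e9638b4-e59e-49ac-bd66-ab3b59d45ee5, " +
    "channelId: 19:HzRjpAjCnqWmaiImgF2q6n25hhB6Cd3gaZDh4YUNCVw1@thread.tacv2.",
].join(" ");

// An entry starts at a millisecond-precision timestamp followed by a level.
// (The bare "2022-10-27T09:13:31Z" inside a message does not match.)
const ENTRY_START = /(?=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z (?:Inf|War|Err) )/;
const GUID = "([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})";
const USER_TID = new RegExp("userInfo\\.profile\\.tid:\\s*" + GUID, "i");
const THREAD_TID = new RegExp("threadTenantId:\\s*" + GUID, "i");
const TOKEN_ERROR = /getAuthTokenForApp: Failed with error - (\w+)/;

// Split pasted log text into { time, level, message } entries.
function parseEntries(text) {
  return text.split(ENTRY_START).flatMap((chunk) => {
    const m = /^(\S+) (Inf|War|Err) ([\s\S]*)$/.exec(chunk.trim());
    return m ? [{ time: m[1], level: m[2], message: m[3].trim() }] : [];
  });
}

// Report the tenant pair logged for the shared channel and any SSO token errors.
function triageSsoFailure(text) {
  const report = { userTenantId: null, threadTenantId: null, crossTenant: null, tokenErrors: [] };
  for (const entry of parseEntries(text)) {
    const user = USER_TID.exec(entry.message);
    const thread = THREAD_TID.exec(entry.message);
    if (user && thread) {
      report.userTenantId = user[1].toLowerCase();
      report.threadTenantId = thread[1].toLowerCase();
      report.crossTenant = report.userTenantId !== report.threadTenantId;
    }
    const err = TOKEN_ERROR.exec(entry.message);
    if (entry.level === "Err" && err) report.tokenErrors.push({ time: entry.time, error: err[1] });
  }
  return report;
}

console.log(triageSsoFailure(SAMPLE_LOG));
```
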

sayali-MSFT commented 1 year ago

@ParadoxSpiral - We are providing the details to the engineering team and will let you know once we get any update.

ChetanSharma-msft commented 1 year ago

Hello @ParadoxSpiral - Hope you are doing well!! Just wanted to inform you that the engineering team is working on this issue, and we are tracking it closely. Once we get any update on it, we will inform you accordingly.

ParadoxSpiral commented 1 year ago

Hi @ChetanSharma-msft and @sayali-MSFT, is there any update on this?

sayali-MSFT commented 1 year ago

@ParadoxSpiral - Sorry for the delay. The engineering team is working on this issue. Currently we don’t have an ETA or update on this thread. Once we get any update on it, we will inform you accordingly.

sayali-MSFT commented 1 year ago

@ParadoxSpiral - We are checking the status of the fix release with the engineering team. We will let you know once we have any updates on it. Thanks.

ParadoxSpiral commented 1 year ago

Hi @sayali-MSFT, is there any update on this? 😊

ChetanSharma-msft commented 1 year ago

I apologize for the delay in response. We are actively checking the status of bug fixes with the engineering team and will update this thread accordingly.

Thanks!!

ChetanSharma-msft commented 1 year ago

I apologize for the delay in response. We are actively checking the status of bug fixes with the engineering team and will update this thread accordingly.

Thanks!!

sayali-MSFT commented 1 year ago

Hope you are doing well!! Just wanted to inform you that the engineering team is working on this issue, and we are tracking it closely. Once we get any update on it, we will inform you accordingly.