Open crrobinson14 opened 1 year ago
@crrobinson14 - Thanks for reporting your issue. We will check this at our end and will get back to you.
@crrobinson14 - Could you please follow the Tab SSO sample steps below: https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/tab-sso/csharp#setup
Meanwhile, we are also checking this from our end and will let you know the update.
@sayali-MSFT I will try, but those instructions are for a C# project. Is there an equivalent for a Node-based project?
@crrobinson14 - Please have a look at this Node sample: https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/tab-sso/nodejs
@crrobinson14 - The error AADSTS70011 occurs when the requested token uses a signing key that the calling application has not configured in its Azure AD app registration. This error is typically seen when the scopes requested by the app are not configured in the Azure AD app registration.
To resolve this issue, you need to ensure that the scopes requested in the getAuthToken() method are configured in the Azure AD app registration.
Here's how you can do it:
For more information, see getAuthToken.
@sayali-MSFT Thank you for the directions. But this was already done and the error is still occurring:
I am familiar with passing scopes to an OAuth request but when you say "ensure that the scopes requested" I am confused what you mean here. Per the docs for getAuthToken there is not actually a parameter to control the scopes requested. That's what led to my question here in the first place. I can see no place in the app code where scopes can be set in the first place. Typically this would be something like getXYZToken({ scopes: ['openid', 'profile', ...]}). But getAuthToken does not accept a parameter like this.
The documentation (and code in the library) only allow a few parameters such as claims, which are unrelated: https://learn.microsoft.com/en-us/javascript/api/@microsoft/teams-js/microsoftteams.authentication.authtokenrequest?view=msteams-client-js-1.13.1.
The actual error thrown is a little more nuanced than missing permissions. It says the scopes are not formatted in a valid way:
And this seems true to me. I don't know what .default would mean in a list of scopes - I've never seen anything like that before. And there appears to be no way to specify the scopes in GUID form as the error suggests.
@crrobinson14 - We will be checking this with the internal team and will let you know the update.
@crrobinson14 - We have checked this with the internal team, and as they mentioned, the issue is that the developer hasn't registered their app correctly in AAD as per the instructions here:
And/or they have not correctly configured the resource in the webApplicationInfo section of their app. This doesn't look like a valid resource URI:
api://localhost:53000.verdocs.com/...GUID...
Could you please check it once and confirm the same?
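The resource URI check raised in the comment above, as an added example that is not part of the thread or of Microsoft's samples. It assumes the tab-only form api://<fully-qualified-domain>[:port]/<AppID> with the AppID equal to webApplicationInfo.id; checkWebApplicationInfo and the sample values are constructed for illustration.

```javascript
// Added example (not from the thread). Assumed form: api://<fqdn>[:port]/<AppID>.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Returns a list of problems found in manifest.webApplicationInfo (empty = OK).
function checkWebApplicationInfo(info) {
  const problems = [];
  const { id = "", resource = "" } = info || {};
  if (!GUID.test(id)) problems.push("id is not a GUID");

  const m = /^api:\/\/([^\/]+)\/([^\/]+)$/.exec(resource);
  if (!m) {
    problems.push("resource does not match api://<host>/<AppID>");
    return problems;
  }
  const [, authority, appId] = m;

  // Peel off an optional trailing ":port"; a ':' left in the host is malformed.
  const [, host, port] = /^(.*?)(?::(\d+))?$/.exec(authority);
  if (host.includes(":")) {
    problems.push("':' inside the host name; a port may only follow the full host");
  } else if (!host.split(".").every((label) => LABEL.test(label))) {
    problems.push("host is not a valid DNS name");
  }
  if (port !== undefined && Number(port) > 65535) problems.push("port out of range");

  if (appId.toLowerCase() !== id.toLowerCase()) {
    problems.push("AppID in resource does not match webApplicationInfo.id");
  }
  return problems;
}

// Constructed sample values; the GUID is a placeholder, not a real app id.
const APP_ID = "00000000-0000-0000-0000-000000000000";
const samples = [
  `api://tab.example.com/${APP_ID}`,
  `api://localhost:53000/${APP_ID}`,
  `api://localhost:53000.example.com/${APP_ID}`, // port in the middle, as in the thread
];
for (const resource of samples) {
  console.log(resource, "=>", checkWebApplicationInfo({ id: APP_ID, resource }));
}
```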
I'm trying to follow the SSO instructions at https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/tab-sso-overview. I've reviewed the process a few times and believe I've hit all the steps properly, including the AAD registration, API permissions, etc. in the Azure Portal, and the manifest updates in the client (Teams Tab app, created/managed using the Teams Toolkit in VSCode).
This function throws unknownAuthError and the following (moderately redacted) is in my network logs as a 400-Bad-Request response to https://login.microsoftonline.com/...GUID.../oauth2/v2.0/token:
The trouble is, I'm not setting this scope anywhere. The library must be generating it somehow, but I can't figure out where. Scope isn't a parameter accepted by getAuthToken() nor is the above string present in any file in my project. I'm happy to set the correct scopes... but how? The only place I can see where scopes are referenced at all is in the AAD App Registration under API Permissions, and those are set using the UI, so I assume they have to be correct?