Microsoft Teams Version 1.4.00.27664 is not triggering getContext

[MicroTamil-Haribabu]

Microsoft Teams Version 1.4.00.27664 is not triggering getContext() on authentication popup; This was working fine with previous versions of Teams.

tab.html

teams.authentication.authenticate({
  url: environment.serviceUrl + "AuthHandler/auth.html?myurl=" + encodeURIComponent(fullURL),
  width: 800,
  height: 600,
  successCallback: function (res) {
    alert('done')
  },
  failureCallback: function (reason) {
    console.log('error from teams auth: ', reason);
  }
});

auth.html

<script src='https://statics.teams.cdn.office.net/sdk/v1.6.0/js/MicrosoftTeams.min.js'></script>

<script>
microsoftTeams.initialize();
microsoftTeams.getContext(function (cntx) {
  alert(cntx);
});
</script>

i even tried with version 1.11.0 which is the latest at this moment.

[ghost]

Hi MicroTamil-Haribabu! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies.

Best regards, Teams Platform

[Prasad-MSFT]

Hi @MicroTamil-Haribabu , this is a known issue and there is already an ICM raised for this issue. Thanks!

[MagtheRag]

I have experienced the same issue in the mobile client. Suddenly we do not get the teams context from teamsjs and it is very disturbing for us as it is affecting all our customers which has our solution rolled out

[espenjohannessen]

Any updates on this? We're experiencing the same issue across multiple products and haven't been troubleshooting to much since others reported the same issue and I assumed a fix would be imminent, but now almost a month later I'm starting to wonder if this isn't as wide-spread as I first thought?

[ChetanSharma-msft]

Hello Everyone, This issue investigation is in-progress, We will check and share the updates on it. Meanwhile could you please try updating your Teams desktop client version and check it once.

[espenjohannessen]

@v-chetsh The Teams desktop client is up to date and has been updated a couple of times since this issue was first reported without any improvement. The current version is 1.4.00.29469 (64-bit). We don't see the same issues in a browser or on other operating systems (Macs, iOS, Android, etc.). The issue affects both personal apps and tabs, but for some reason it doesn't affect a personal app opened in a new window, so that's one way of bypassing the issue since that login will be valid in personal apps and tabs after it has been closed. See attached screenshots:

Not working:

Opening personal app in new window:

Working:

The original repro steps posted by @MicroTamil-Haribabu are more or less identical to what we're seeing, and based of Teams authentication examples on docs.microsoft.com, so I'd assume a lot of users are having this issue and have been for the last month or so.

[ChetanSharma-msft]

@espenjohannessen - Could you please share the repro steps and error logs.

[espenjohannessen]

@v-chetsh The original repro steps in this issue is as clean as it get's and since this is within Teams I really don't have any error logs either. If you look at "Authenticate a user in a Microsoft Teams tab" on docs.microsoft.com you'll see a similar example and as stated before the issue is that code within getContext() never runs (no call back).

https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-tab-aad

[Aurora12]

We are experiencing this issue with an app that used to work for months. We are using "@microsoft/teams-js": "^1.11.0". Everything is a textbook example and never changed in more than 2 months. Suddenly we are not receiving a callback for initialize().

What started happening at the same time: when we go through the authentication process (popup client flow), we receive CancelledByUser upon authentication.notifySuccess(). This is mentioned here: https://github.com/OfficeDev/microsoft-teams-library-js/issues/629

If this is not the highest priority, I don't know what is!

[NewFuture]

The Extension config page doesn't work either (desktop and latest Chrome/edge) Feedback from my users: https://github.com/NewFuture/custom-stickers-teams-extension/issues/58

• [√]MS Teams app on IOS works fine
• [√] Also with desktop via Firefox (78.0.2 (64-bit)) works.
• [×] On MS Teams Desktop (1.4.00.29469 (64-bit)), MS Edge (95.0.1020.44) and Google Chrome (95.0.4638.69) cannot work.

@Wajeed-msft @Prasad-MSFT @v-chetsh. It breaks all teams extensions which depend on getContext in the pop-up page. This is a SEV1 or SEV0 Level bug.

[swapnil-wishlist]

Experiencing the same issue with the teams' desktop version on both Mac and Windows. getContext sometimes works and sometimes doesn't return callback in the popup. If we try to skip the getContext part, we receive CancelledByUser on calling notifySuccess(). The issue is being reported by our clients as they are not able to use our app because of this underlying issue. It is not feasible to keep asking clients to use the teams' web version.

[ChetanSharma-msft]

@NewFuture, @swapnil-wishlist - We got an update from engineering team on similar kind of issue. Please check here: #629

[HunaidHanfee-MSFT]

We have got feedback from a customer that after updating the Teams desktop client to the latest the issue is no longer persists. Could you please try updating the Teams desktop client and check it once?

Please let us know if you are still facing the issue.

Thanks

[swapnil-wishlist]

@HunaidHanfee-MSFT we got our users to update to the latest teams' version and the issue persists.

[HunaidHanfee-MSFT]

Hello @swapnil-wishlist, @NewFuture, @Aurora12, @espenjohannessen We have deployed an app where we have implemented this functionality. Please download this manifest and try in your tenant. Auth_Context_test.zip

When you will add the tab in Teams team, configure page will see two buttons image

Please select Set signin then click on save (if you just want to check getContext you can click on Check getContext button as well). Now, once the tab is open you will see a button image

here the code that will execute when you click on it-

microsoftTeams.initialize();
        console.log("SignIn start")
        microsoftTeams.authentication.authenticate({
            url: window.location.origin + "/signin-simple-start",
            successCallback: () => {
                history.push("/navigateDomain");
            },
            failureCallback: (reason) => {
                alert(reason);
                history.push("/errorpage");
            }
});

Once you are succesfully signed in - We have added two button in the last authenticate step, one to getContext and alert the current tenant Id and other to call notifySuccess

code that is written at end of the step -

useEffect(() => {
        microsoftTeams.initialize();
        const hashParams: any = getHashParameters();
        if (hashParams["error"]) {
            // Authentication/authorization failed
            alert("notifyFailure gets called -- " + hashParams["error"]);
            microsoftTeams.authentication.notifyFailure(hashParams["error"]);
        } else if (hashParams["id_token"]) {
            // Success
            if (hashParams["access_token"]) {
                localStorage.setItem("auth.result", JSON.stringify({
                    accessToken: hashParams["access_token"]
                }));
            }

        } else {
            // Unexpected condition: hash does not contain error or access_token parameter            
            alert("notifyFailure gets called -- Unknown error ");
            microsoftTeams.authentication.notifyFailure("UnexpectedFailure");
        }
    }, [props.location]);

    const callContext = () => {
        microsoftTeams.initialize(() => {
            microsoftTeams.getContext(context => {
                alert(context.tid);
            })
        })
    }

    const callNotifySuccess = () => {
        alert("notifySuccess gets called");
        microsoftTeams.authentication.notifySuccess("TEST");
    }

    return (
        <>
            <div>
                <Text content="Click on it to call getContext and see current tenant Id." />
                <div><Button content="Call getContext" onClick={() => { callContext() }} /></div>
            </div>
            <div>
                <Text content="Call notifySuccess." />
                <div><Button content="Call notifySuccess" onClick={() => { callNotifySuccess() }} /></div>
            </div>
        </>
    );

Click on notifySuccess to close the popup and redirect to page. Once you are redirected there again we have a button that will alert context.theme

Please try it at your end and let us know if you facing this issue with our app as well.

Thanks

[HunaidHanfee-MSFT]

Hello @swapnil-wishlist, @NewFuture, @Aurora12, @espenjohannessen - Could you please confirm once by trying above app?

[ViDaNgEr]

Hi, I got the same problems here.
I've tried Auth_Context_test.zip and I got the same issue. I've tested with Teams version 1.4.00.32771 (64 bits) and version 1.4.00.35564 (64 bits) .

[ChetanSharma-msft]

@ViDaNgEr - Could you please share your testing environment so that we can check it from our end? We have already tried in our test environment and it's working fine for us.

[espenjohannessen]

I'm also seeing the same issue with the Auth_Context_test.zip and I'm using 1.4.00.32771 (64-bit):

[ViDaNgEr]

@ViDaNgEr - Could you please share your testing environment so that we can check it from our end? We have already tried in our test environment and it's working fine for us.

OS: Windows 10 Home, Version: 10.0.19044 Build 19044 Teams version 1.4.00.32771 (64 bits) and version 1.4.00.35564 (64 bits)

@v-chetsh do you need something more specific?

[Meghana-MSFT]

Could you please share the console logs from Desktop app? Please follow this to get the logs - https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/developer-tools

[ViDaNgEr]

Could you please share the console logs from Desktop app? Please follow this to get the logs - https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/developer-tools

[sadomovalex]

we also face with this issue inside Teams desktop client (and to be sure I've updated Teams desktop client to the latest version). Customers started to complained that authentication stopped working in Teams desktop client: after entering credentials in login popup empty window was shown:

We use the following code for authentication inside Teams client (I've added few window.alert() calls for debugging there):

microsoftTeams.initialize();

window.alert("1");

// Get the tab context, and use the information to navigate to Azure AD login page
microsoftTeams.getContext(function (context) {

window.alert("2");

    // Generate random state string and store it, so we can verify it in the callback
    let state = _guid();
    localStorage.setItem("simple.state", state);
    localStorage.removeItem("simple.error");

    // See https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-implicit
    // for documentation on these query parameters
    let queryParams = {
        client_id: getQueryStringValue('clientId'),
        response_type: "token",
        response_mode: "fragment",
        scope: getQueryStringValue('scope'),
        redirect_uri: getQueryStringValue('redirectUri'),
        nonce: _guid(),
        state: state,
        login_hint: context.loginHint
    };

window.alert("3");

    // Go to the AzureAD authorization endpoint (tenant-specific endpoint, not "common")
    // For guest users, we want an access token for the tenant we are currently in, not the home tenant of the guest.
    let authorizeEndpoint = `https://login.microsoftonline.com/${context.tid}/oauth2/v2.0/authorize?${toQueryString(queryParams)}`;
    window.location.assign(authorizeEndpoint);
});

In this example window.alert("1") was called but window.alert("2") was not. I.e. callback handler passed to microsoftTeams.getContext() was not called.

Not sure is it related with the issue or not but in teams dev tools I've only found one failing request to the following url:

https://mytenant.sharepoint.com/sites/foo/_api/Microsoft.SharePoint.Internal.ClientSideComponent.Token.AcquireOBOToken?resource=%27d858bd51-d374-4fc0-83a2-c5512e0f5a09%27&clientId=%2708e18876-6177-487e-b8b5-cf950c1e598c%27

which returned the following error in the response:

{"odata.error":{"code":"-1, Microsoft.Identity.Client.MsalUiRequiredException","message":{"lang":"en-US","value":"AADSTS500131: Assertion audience does not match the Client app presenting the assertion. The audience in the assertion was 'https://mytenant.sharepoint.com' and the expected audience is '08e18876-6177-487e-b8b5-cf950c1e598c' or one of the Application Uris of this application with App ID '08e18876-6177-487e-b8b5-cf950c1e598c'(SharePoint Online Web Client Extensibility). The downstream client must request a token for the expected audience (the application that made the OBO request) and this application should use that token as the assertion.\r\nTrace ID: 29259874-b3f3-47db-be95-168c6c955100\r\nCorrelation ID: e90d3ee2-a839-48db-a433-a1e03bf72a44\r\nTimestamp: 2022-02-23 11:44:09Z"}}}

Note that after configuring tenant-level permissions in SPO admin center > Advanced > API access it started to work inside Teams desktop client as well since in this case it doesn't use popup:

But this is workaround and not solution for initial problem that microsoftTeams.getContext() callback is not called.

[SanthoshThangarasu]

Any updates on this? We are experiencing same issue with Teams Desktop(Windows) Version 1.4 and 1.5 also.

[mgwojciech]

Hello, I'm experiencing the same issue as well. Currently limited to mobile only.

[mgwojciech]

we also face with this issue inside Teams desktop client (and to be sure I've updated Teams desktop client to the latest version). Customers started to complained that authentication stopped working in Teams desktop client: after entering credentials in login popup empty window was shown:

We use the following code for authentication inside Teams client (I've added few window.alert() calls for debugging there):

microsoftTeams.initialize();

window.alert("1");

// Get the tab context, and use the information to navigate to Azure AD login page
microsoftTeams.getContext(function (context) {

window.alert("2");

    // Generate random state string and store it, so we can verify it in the callback
    let state = _guid();
    localStorage.setItem("simple.state", state);
    localStorage.removeItem("simple.error");

    // See https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-implicit
    // for documentation on these query parameters
    let queryParams = {
        client_id: getQueryStringValue('clientId'),
        response_type: "token",
        response_mode: "fragment",
        scope: getQueryStringValue('scope'),
        redirect_uri: getQueryStringValue('redirectUri'),
        nonce: _guid(),
        state: state,
        login_hint: context.loginHint
    };

window.alert("3");

    // Go to the AzureAD authorization endpoint (tenant-specific endpoint, not "common")
    // For guest users, we want an access token for the tenant we are currently in, not the home tenant of the guest.
    let authorizeEndpoint = `https://login.microsoftonline.com/${context.tid}/oauth2/v2.0/authorize?${toQueryString(queryParams)}`;
    window.location.assign(authorizeEndpoint);
});

In this example window.alert("1") was called but window.alert("2") was not. I.e. callback handler passed to microsoftTeams.getContext() was not called.

Not sure is it related with the issue or not but in teams dev tools I've only found one failing request to the following url:

https://mytenant.sharepoint.com/sites/foo/_api/Microsoft.SharePoint.Internal.ClientSideComponent.Token.AcquireOBOToken?resource=%27d858bd51-d374-4fc0-83a2-c5512e0f5a09%27&clientId=%2708e18876-6177-487e-b8b5-cf950c1e598c%27

which returned the following error in the response:

{"odata.error":{"code":"-1, Microsoft.Identity.Client.MsalUiRequiredException","message":{"lang":"en-US","value":"AADSTS500131: Assertion audience does not match the Client app presenting the assertion. The audience in the assertion was 'https://mytenant.sharepoint.com' and the expected audience is '08e18876-6177-487e-b8b5-cf950c1e598c' or one of the Application Uris of this application with App ID '08e18876-6177-487e-b8b5-cf950c1e598c'(SharePoint Online Web Client Extensibility). The downstream client must request a token for the expected audience (the application that made the OBO request) and this application should use that token as the assertion.\r\nTrace ID: 29259874-b3f3-47db-be95-168c6c955100\r\nCorrelation ID: e90d3ee2-a839-48db-a433-a1e03bf72a44\r\nTimestamp: 2022-02-23 11:44:09Z"}}}

Note that after configuring tenant-level permissions in SPO admin center > Advanced > API access it started to work inside Teams desktop client as well since in this case it doesn't use popup:

But this is workaround and not solution for initial problem that microsoftTeams.getContext() callback is not called.

This work-around works only because there is a condition in the app to use SP Extensibility Principal if that's possible. I don't think this will solve the issue for someone else

[barrettlee]

Is there any news on this? I cannot believe it could be such a low priority. Doesn't it seem like the main issue is that when Teams launches any popup browser window, it does not get a context, therefore initialize and the rest of the SDK functions don't do anything? Its not really an authentication issue is it?

[Meghana-MSFT]

https://github.com/OfficeDev/microsoft-teams-library-js/issues/629

[Meghana-MSFT]

This issue #https://github.com/OfficeDev/microsoft-teams-library-js/issues/629 is triaged and prioritized to be fixed in June.

[tiennguyen1293]

https://github.com/OfficeDev/microsoft-teams-library-js/issues/975 https://github.com/OfficeDev/microsoft-teams-library-js/issues/1186

Same issue.

[BryanCB1]

Hi we are getting the same error in Safari, any update of this?