microsoftgraph / microsoft-graph-toolkit

Authentication Providers and UI components for Microsoft Graph 🦒
https://docs.microsoft.com/graph/toolkit/overview

Support single tenant AAD application for Teams MSAL2 Provider #1391

Closed SLdragon closed 1 year ago

SLdragon commented 2 years ago

Hi team, the Teams MSAL2 provider currently only supports multi-tenant AAD applications, according to these docs:

https://docs.microsoft.com/en-us/graph/toolkit/providers/teams-msal2?tabs=ts#creating-an-appclient-id

https://docs.microsoft.com/en-us/graph/toolkit/get-started/build-a-microsoft-teams-sso-tab?tabs=unpkg%2CHTML#creating-an-appclient-id

In some scenarios, we can only use a single-tenant AAD application, which has a different authority and is not compatible with a multi-tenant AAD application.

Do we have a plan to support it? Thank you very much!

ghost commented 2 years ago

Hello SLdragon, thank you for opening an issue with us!

I have automatically added a "needs triage" label to help get things started. Our team will analyze and investigate the issue, and escalate it to the relevant team if possible. Other community members may also look into the issue and provide feedback 🙌

nmetulev commented 2 years ago

Hey @SLdragon, have you tried specifying the tenant in the authority property in the config object? This should allow you to use the provider with a single tenant application.

ghost commented 2 years ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

SLdragon commented 2 years ago

Thanks for your feedback. However, in TeamsMsal2Config I didn't find an authority property. Where can I find it?

```ts
export interface TeamsMsal2Config {
  clientId: string;
  authPopupUrl: string; // see below for creating the popup page
  scopes?: string[];
  msalOptions?: Configuration;
  ssoUrl?: string; // ex: '/api/token',
  autoConsent?: boolean,
  httpMethod: HttpMethod; //ex HttpMethod.POST
}
```

nmetulev commented 2 years ago

I see. One way to do it is to add the authority as part of the msalOptions configuration, but I know that is probably not the most ergonomic approach.

Do you want to help us add an authority property to the TeamsMsal2Config object to make this a bit easier?

SLdragon commented 2 years ago

Oh, yes, it would be great to have an authority property in the TeamsMsal2Config object, thank you! I am not very familiar with your code; where can I start?

sebastienlevert commented 2 years ago

Helping with this one for you @SLdragon. The best place to start would be here: https://github.com/microsoftgraph/microsoft-graph-toolkit/blob/main/packages/providers/mgt-teams-msal2-provider/src/TeamsMsal2Provider.ts#L94

If defined, it could be merged with the MSAL Config here: https://github.com/microsoftgraph/microsoft-graph-toolkit/blob/main/packages/providers/mgt-teams-msal2-provider/src/TeamsMsal2Provider.ts#L305

That would be absolutely useful, especially in TeamsFx scenarios! Please let us know! Something similar could be achieved also for the TeamsFx provider!
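
The msalOptions workaround and the merge step discussed above, sketched as an added example that is not code from the toolkit or from anyone in this thread. The interfaces are local stand-ins for the MSAL `Configuration` shape, the function names and sample IDs are hypothetical, and the public-cloud host `login.microsoftonline.com` is assumed.

```typescript
// Local stand-ins for the parts of the MSAL Configuration shape used here (assumption).
interface AuthOptionsLike { clientId?: string; authority?: string; }
interface MsalOptionsLike { auth?: AuthOptionsLike; cache?: { cacheLocation?: string }; }

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const DOMAIN = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/i;
// Shared endpoints accept accounts from more than one tenant, so a
// single-tenant app registration must never be pointed at them.
const SHARED_ENDPOINTS = new Set(["common", "organizations", "consumers"]);

// Build the tenant-specific authority URL, rejecting anything that is not a
// tenant GUID or a tenant domain name.
function singleTenantAuthority(tenant: string): string {
  const t = tenant.trim().toLowerCase();
  if (SHARED_ENDPOINTS.has(t)) {
    throw new Error(`"${t}" is a multi-tenant endpoint, not a tenant`);
  }
  if (!GUID.test(t) && !DOMAIN.test(t)) {
    throw new Error("tenant must be a tenant GUID or a tenant domain");
  }
  return `https://login.microsoftonline.com/${t}`;
}

// Merge the authority into caller-supplied msalOptions without dropping other
// settings, and fail loudly if the caller already set a different authority.
function withSingleTenantAuthority(
  clientId: string,
  tenant: string,
  msalOptions: MsalOptionsLike = {}
): MsalOptionsLike {
  const authority = singleTenantAuthority(tenant);
  const existing = msalOptions.auth?.authority;
  if (existing && existing.replace(/\/+$/, "").toLowerCase() !== authority) {
    throw new Error(`msalOptions.auth.authority (${existing}) conflicts with tenant ${tenant}`);
  }
  return { ...msalOptions, auth: { ...msalOptions.auth, clientId, authority } };
}

// Constructed sample values, not real identifiers.
const SAMPLE_CLIENT_ID = "00000000-0000-0000-0000-000000000000";
const SAMPLE_TENANT_ID = "11111111-2222-3333-4444-555555555555";
const sampleMsalOptions = withSingleTenantAuthority(SAMPLE_CLIENT_ID, SAMPLE_TENANT_ID, {
  cache: { cacheLocation: "sessionStorage" },
});
```

The resulting object is what would be passed as `msalOptions` in the provider config; the conflict check keeps a leftover multi-tenant authority from silently widening who can sign in.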

gavinbarron commented 1 year ago

Closing this as the TeamsMSAL2 provider is deprecated