Forum Discussion
dhoelzl
Jan 20, 2020 Copper Contributor
Access session (UniversalBot.loadSession) and its userData from tab
Hello! Is there any possibility to access the current session (UniversalBot.loadSession with an address object) and the associated userData when handling a request for a tab? There is microso...
subhasish-MSFT
Jan 23, 2020 Former Employee
Every request to your services includes the id and aadObjectId, which are guaranteed to be of the authenticated Teams user. They can be used as keys to look up credentials or any cached state in your service. In addition, each request contains the Azure Active Directory tenant ID of the user, which can be used to identify the user’s organization.
You can take a look at the link below for more details.
https://docs.microsoft.com/en-us/microsoftteams/platform/messaging-extensions/how-to/add-authentication#authentication
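The keying scheme described in this reply, as an added example that is not part of the original post or of Microsoft's code. It assumes the request is a bot or messaging-extension activity that the Bot Framework adapter has already authenticated; `stateByUser`, `userKey`, `saveState` and `loadState` are hypothetical names, and the sample IDs are constructed.

```javascript
// Assumption: `activity` has already passed the adapter's token validation.
// The identity fields below are not trustworthy on an unauthenticated request.

const stateByUser = new Map(); // hypothetical in-memory cache, stands in for a real store

// Build the lookup key from tenant ID + aadObjectId so that cached state is
// always scoped to the user's organization.
function userKey(activity) {
  const from = activity && activity.from;
  const tenant = activity && activity.channelData && activity.channelData.tenant;
  const aadObjectId = from && from.aadObjectId;
  const tenantId = tenant && tenant.id;
  if (typeof aadObjectId !== "string" || !aadObjectId ||
      typeof tenantId !== "string" || !tenantId) {
    return null; // no identity present, e.g. a plain GET for a tab page
  }
  return `${tenantId.toLowerCase()}:${aadObjectId.toLowerCase()}`;
}

function saveState(activity, state) {
  const key = userKey(activity);
  if (key === null) throw new Error("activity carries no user identity");
  stateByUser.set(key, state);
}

function loadState(activity) {
  const key = userKey(activity);
  return key === null ? undefined : stateByUser.get(key);
}

// Constructed sample inputs (all IDs are made up).
const alice = {
  from: { id: "29:constructed-alice", aadObjectId: "11111111-1111-1111-1111-111111111111" },
  channelData: { tenant: { id: "AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA" } },
};
const otherTenant = {
  from: alice.from,
  channelData: { tenant: { id: "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" } },
};
const tabGet = { url: "/tab/configure", method: "GET" }; // shape of a tab page request

saveState(alice, { note: "constructed cached state" });
console.log(loadState(alice), loadState(otherTenant), userKey(tabGet));
```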
dhoelzl
Jan 27, 2020 Copper Contributor
Thank you for your reply!
I have configured a configurable tab like this:
    "configurableTabs": [
      {
        "configurationUrl": "https://XXXXXXXX.ngrok.io/tab/configure",
        "canUpdateConfiguration": true,
        "scopes": [
          "team"
        ]
      }
    ]
I am using Node/express:
    app.get("/tab/configure", (req, res) => {
      res.render("configure");
    });
And I get called via GET request:
    req.url: "/tab/configure"
    req.method: "GET"
    req.rawHeaders:
    "["Host","XXXXXXXX.ngrok.io",
    "Accept","text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
    "Accept-Encoding","gzip, deflate, br",
    "Referer","https://teams.microsoft.com/iframe-container.html",
    "Upgrade-Insecure-Requests","1",
    "User-Agent","Mozilla/5.0" (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.362 Chrome/66.0.3359.181 Electron/3.1.13 Safari/537.36",
    "X-Forwarded-Proto","https","X-Forwarded-For","XXX.XXX.XXX.XXX"]"
Where can I access the id and aadObjectId? Am I missing something? I cannot see any header or URL argument containing authentication information.
When I dump the result of microsoftTeams.getContext on my configuration page, there is also no id or aadObjectId, and as stated in the docs this information must not be used for user authentication anyway.
Thank you and regards,
Dominik