Forum Discussion
Permissions for a static teams tab
If I am building a basic teams tab that is just a static site with buttons for redirect, do I need to request any permissions? I'm looking at this: https://learn.microsoft.com/en-us/graph/permissions...
Hi SadPython - Thanks for raising the query.
For a basic Teams tab that is static and only has redirection buttons, no permissions are needed initially. However, to add Single Sign-On (SSO) and User.Read access later, follow these steps:
- Configure API Permissions in Azure AD:
- Open your registered app in the Azure portal.
- Go to Manage > API permissions.
- Click + Add a permission, select Microsoft Graph, choose Delegated permissions, find User.Read, and add it.
- Implement OAuth 2.0 On-Behalf-Of Flow:
- This flow allows your app to get access tokens for Microsoft Graph on behalf of the user. Refer to the OAuth 2.0 On-Behalf-Of flow documentation for details.
- Token Cache Serialization:
- Handle token caching using MSAL.NET. Please refer to the Token cache serialization documentation for guidance.
- Use Microsoft Teams MSAL2 Provider:
- Simplify authentication and token management using the Microsoft Teams MSAL2 provider.
These steps will help you add SSO and User.Read access to your Teams tab app. Always request permissions only when needed to ensure security. For more details, please refer the documentation for app permissions and Microsoft Graph permissions.