Forum Discussion

George71's avatar
George71
Brass Contributor
Oct 15, 2021

SameSite cookie problems in deskop version of Teams

Hi, I have created a Teams app, which contains static tabs (i.e. "personal" tabs). The tab content is hosted in SharePoint and uses MSAL v1.4.14 for authentication. However, I'm seeing the followin...
Microsoft Teams Development
Teams App
Teams Engineering
George71's avatar
George71
Brass Contributor
Oct 18, 2021

HunaidHanfee-MSFT 

The issue is reproduced when I access a simple html page in a static tab. I also see this problem when I host my application using a web server instead of SharePoint. I observed the same SameSite warnings in two different test tenant.

Here is what my app manifest file looks like:

{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.9/MicrosoftTeams.schema.json",
"manifestVersion": "1.9",
"version": "1.0.0",
"showLoadingIndicator": true,
"id": "cbfe33f3-04d1-4f41-ae80-849385d6bf33",
"packageName": "test",
"developer": {
"name": "Test App",
"websiteUrl": "https://testapp.com/",
"privacyUrl": "https://testapp.com/privacy-policy",
"termsOfUseUrl": "https://testapp.com/terms-use"
},
"icons": {
"color": "color.png",
"outline": "outline.png"
},
"name": {
"short": "Test",
"full": "Test Application"
},
"description": {
"short": "Test Application",
"full": "This app is a test application"
},
"accentColor": "#DA2DF0",
"staticTabs": [
{
"entityId": "tab1",
"name": "Tab #1",
"contentUrl": "https://gctest71.sharepoint.com/_layouts/15/teamslogon.aspx?SPFX=true&dest=/Shared%20Documents/test/index.aspx",
"websiteUrl": "https://gctest71.sharepoint.com/Shared%20Documents/test/index.aspx",
"scopes": [
"personal"
]
},
{
"entityId": "tab2",
"name": "Tab #2",
"contentUrl": "https://gctest71.sharepoint.com/_layouts/15/teamslogon.aspx?SPFX=true&dest=/Shared%20Documents/test/phone.aspx",
"websiteUrl": "https://gctest71.sharepoint.com/Shared%20Documents/test/phone.aspx",
"scopes": [
"personal"
]
},
{
"entityId": "about",
"scopes": [
"personal"
]
}
],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"gctest71.sharepoint.com"
],
"webApplicationInfo": {
"id": "00000003-0000-0ff1-ce00-000000000000",
"resource": "https://gctest71.sharepoint.com"
},
"localizationInfo": {
"defaultLanguageTag": "en-us",
"additionalLanguages": [
{
"languageTag": "fr",
"file": "locale_fr.json"
},
{
"languageTag": "es",
"file": "locale_es.json"
}
]
}
}

 

 

 

Here is what my Azure AD authentication configuration looks like for my App:

 

HunaidHanfee-MSFT's avatar
HunaidHanfee-MSFT
Iron Contributor
Oct 19, 2021
What are seeing on the tab, Could you please share the screenshot? Do you have another authentication on your SharePoint? Can you share minimal repro steps?
  • George71's avatar
    George71
    Brass Contributor
    Oct 21, 2021

    HunaidHanfee-MSFT 

    I have created a minimal app, which can reproduce the problem. Here is how to configure/deploy it:

    1. Create a SharePoint folder to host the web application code
    2. Setup an App in the Azure AD. Make a note of the Application (client) ID" in the "Overview" section.
      In the "Authentication" section, add the following configuration:

      Note: the Redirect URI is:
      https://<SharePointe tenant URI>/<SharePoint File Path>/silent-end.aspx

    3. Unzip the file SharePoint_files.zip
    4. Modify the filePath and clientAppId in the config.js file to include the SharePoint path you just created and the "Application (client) ID" from the Azure AD.
      For example if the SharePoint folder is https://gctest71.sharepoint.com/Shared Documents/test , you would have the following in config.js:
      var filePath = "/Shared%20Documents/test/";
      NOTE: You need to replace any spacer characters with "%20".
    5. Copy all files into your SharePoint Folder.
    6. Unzip testApp.zip
    7. Update the manifest.json file in the zip with:
      - the Application (client) ID in the paramater id
      - the SharePoint tenant name + file path in the following items:
      contentUrl, websiteUrl, validDomains, "webApplicationInfo, etc.
    8. Updload the testApp.zip to Teams.

    Testing:

    - Open the "Dev Tools" for the desktop Teams application.

    - Click on "Go to Issues".

    You will see the following:

     

     

     

    Note: You may not see all of the SameSite warnings right away. You can click ontrhe refresh button and/or sign out/in to see them.

     

     

    Thanks!

     

     

    • HunaidHanfee-MSFT's avatar
      HunaidHanfee-MSFT
      Iron Contributor
      Oct 25, 2021
      We have trouble setting this up. As per your shared information looks like these are only the warnings. You can either act on those warnings and fix those or skip it until and unless you are facing any error and app isn't working.

      Is your MSAL working fine or facing any error?
      • George71's avatar
        George71
        Brass Contributor
        Oct 26, 2021
        These are currently only warnings, but my fear is that something will change in the future and they will become errors and possibly break my app. I'm trying to figure out how I can resolve these warnings.
        Right now the MSAL stuff is working fine and I do not see these warnings when I use the web version of Teams. There are no MSAL errors when I run it in either platform.
        It looks like the SameSite header information needs to somehow be enabled on the server side because the desktop Teams app is flagging it as warning.
    • HunaidHanfee-MSFT's avatar
      HunaidHanfee-MSFT
      Iron Contributor
      Oct 21, 2021
      Thanks for sharing. I will update after setting this up.

Resources