Teams App Authentication Workflow across multiple devices
We have our own OAuth flow, so are you suggesting we use SSO flow using AAD?
Second, if you look at already published apps like `Jira Cloud` on Teams, they also have their own OAuth flow; despite that, they are able to achieve the multi-device flow, i.e. sign in once on one device and use on other devices. So, how is that achieved?
How are you implementing the authentication?
Could you please share the steps or doc?
Below are the reference docs for implementing authentication flow in Bot/Tab:
https://docs.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-flow-bot
https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-flow-tab
- muditsaxena, Dec 08, 2021, Copper Contributor
We are using Tab based auth flow
https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-flow-tab
- ChetanSharma-msft, Dec 09, 2021, Microsoft
muditsaxena - Could you please try with silent authentication as below:
https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso
Sample code:
https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/tab-sso/csharp
- muditsaxena, Dec 20, 2021, Copper Contributor
ChetanSharma-msft The links you shared work well for using AAD as SSO/IDP provider, while we use Okta as IDP.
Let me explain in detail what I am trying to achieve here and my authentication flow.
Authentication flow
- We use OKTA as our IDP. So, OKTA issues us an access/refresh token
- Using the token above we can access our internal services API
Teams Authentication Flow (Currently implemented)
- User installs app onto Mac App
- Gets a configuration page to login
- We use https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/authentication (https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/authentication/authentication#web-based-authentication-flow) to redirect users to our Okta sign-in pop-up page
- Post successful completion of this flow, we get an access token and a refresh token.
For the current user, post the above installation flow, our app is installed on their other devices as well, like iPad, mobile, etc. Now if a user wants to use our app on Mobile Teams Client, for example, does he have to go through the same sign-in process again? Or is there any other way to use the app on other devices without re-entering sign-in credentials?