New Teams Desktop unable to use third-party oauth provider when embedding site

Copper Contributor

By using the Website app, our users were previously able to have our site (app.klue.com) in a tab, either on the desktop, mobile or teams web app. Previously, we use the authentication flow as detailed here:  embed tab invites user to login, link would open third party oauth provider (us) in the user's browser, user authenticates, the window is closed, desktop app is notified of successful authentication and reloads the tab with the user logged in

 

The new desktop app still shows the invitation to link but any attempt to login is unsuccessful. It seems the new desktop app does not receive the authentication notification OR does not send the correct context to the OAuth idp provider. Note: it still works in mobile app, and also it still works in web app with the new teams experience enabled.

Did anyone else see a similar issue? This is frustrating for users as it was a simple quick way to have quick access to our site within Teams

6 Replies
Thank you for reporting this, we will look into this and get back to you.
We have the following response from engineering team - The external auth flow is already supported in T2.1. The external auth flow is only available to Platform Apps and cannot be used from the Website tab. We would need more details from the developer along with repro steps for the issue they are describing because I can't imagine how something like that would be possible even in T1 using the Website tab.

Could you please share the above details.

@heri_klue - Could you please share above details?

Thanks @Meghana-MSFT

To reproduce
1. In the web app or classic Teams, go to a channel in Teams, and then click + (Add a Tab) button.
2. Choose "Website" when prompted, then specify "https://app.klue.com" as URL. Click "Save"
3. Click Login. Feel free to email me `heri _at_ klue.com` for test credentials. The login works on classic Teams or web app but would not work for the new Desktop app

Do you know if there are plans to support external auth flow for Website tab in T2.1?
The Website tab is not going to work the same in the New Teams Client as it did in the Classic Teams Client. Website tab will be deprecated. Hence there aren't any plans to support external auth flow for Website tab in T2.1.

Please find the below response from engineering team- 

Looks like this is happening because the Klue app is making some assumptions about undocumented behavior of Teams that are broken in Teams 2.1 resulting in the divergent behavior. Specifically, they have code in their website that tries to determine if they are being rendered in Teams to change the way login is handled:

MeghanaMSFT_0-1706773423406.png

In Teams 2.1, the name of the Website tab frame is "platform-website-tab" instead of "embedded-page-container" so the check that the Klue app is doing returns false. They should update this logic to also check for "platform-website-tab"; however, long term it would be best if they figured out how to channel customers to their dedicated Klue app:

MeghanaMSFT_1-1706773441539.png

 

Since the Website tab is on a path to deprecation:

https://devblogs.microsoft.com/microsoft365dev/upcoming-updates-to-loading-websites-in-teams-tabs