Teams App Authentication Workflow across multiple devices

Hi,

We are developing an app for Teams meetings utilizing the shared meeting stage. As part of this app, we have our own authentication flow using OAuth (https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-flow-tab). The one requirement we have right now is that, in a multi-device scenario, users should sign in to the app once on any of their devices the first time; after that, the user can use the app on the other devices without signing in again. For example, I add the Meeting App on desktop Teams and authenticate using the OAuth flow; after successful authentication, I should be able to use the same Meeting App on iPad as well without needing to sign in again. The documentation on this topic is not clear. Can you please point to the right documentation on how this can be achieved?

8 Replies

@muditsaxena - It looks like we cannot achieve this kind of authentication flow, because when you log in on any device it stores the authentication details in a cache or memory on that particular device.
So it will always ask for authentication details at least the first time on a different device.

But you can implement SSO: if you are already logged in to your Teams client, it will not ask for authentication for your tab or bot again on a different device.
Single sign-on support for tabs - Teams | Microsoft Docs

Thanks,
Chetan Sharma

We have our own OAuth flow, so are you suggesting we use the SSO flow with AAD?

Second, if you look at already published apps like `Jira Cloud` on Teams, they also have their own OAuth flow, yet they are able to achieve the multi-device flow, i.e., sign in once on one device and use the app on other devices. So, how is that achieved?

@muditsaxena - There are multiple ways to implement authentication.
How are you implementing the authentication?
Could you please share the steps or the doc?

Below are the reference docs for implementing authentication flow in Bot/Tab:
https://docs.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-flow-bot

https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-flow-tab

@ChetanSharma-msft The links you shared work well for using AAD as the SSO/IdP provider, while we use Okta as our IdP.

Let me explain in detail what I am trying to achieve here and my authentication flow.

Authentication flow

  1. We use Okta as our IdP, so Okta issues us the access/refresh token.
  2. Using the token above we can access our internal services API.

Teams Authentication Flow (currently implemented)

  1. User installs the app in the Mac Teams app.
  2. User gets a configuration page to log in.
  3. We use the web authentication flow (https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/authentication/authentication#web-...) to redirect users to our Okta sign-in pop-up page.
  4. On successful completion of this flow, we get an access token and a refresh token.

For the current user, after the above installation flow, our app is installed on their other devices as well, like iPad, mobile, etc. Now if a user wants to use our app on the mobile Teams client, for example, does he have to go through the same sign-in process again? Or is there any other way to use the app on other devices without re-entering sign-in credentials?

@muditsaxena - SSO is supported for customer-owned apps within AAD tenants only.
If you have already logged in to your Teams client, you do not need to sign in again to your bot or tab, provided you have implemented AAD SSO.

@muditsaxena Were you able to achieve your use case using Okta? We are working on something similar for our bot.