Sep 21 2023 11:52 AM - edited Sep 21 2023 12:31 PM
I have a personal tab app that's a legacy app we want to use in Teams while we create a more "Teams Friendly" version. It's a Java application that uses HTTP Session to store user data. The server sends a cookie named JSESSIONID back to the browser and expects the browser to resend that cookie on subsequent interactions. It works fine standalone and in an iframe on another website, but on Teams the cookie isn't sent.
Steps to recreate:
1) Create an app with a personal app with a tab that goes to https://mysite.com/testapp/home
2) In the server handler for the above URL, check for a cookie named "JSESSIONID". If it doesn't exist, send back a cookie with attributes of
```
"JSESSIONID": {
  "path": "/testapp",
  "samesite": "None",
  "secure": true,
  "value": "TESTME123"
}
```
The page returned should have a hyperlink to https://mysite.com/testapp/page1
3) Click on the link. Outside of Teams the server would get the cookie named JSESSIONID in the server code handling the request for "page1".
-> In the desktop or web client for Teams, the cookie is not present on the request sent TO the server from the Tab App in Teams.
I know this type of page flow isn't the preferred way to do a Teams app as the single page application is the style of all the examples. Is there any reason you can't have a link back to the server and expect it will send cookies? Are there other response headers or cookie options I should be using so the cookies will be accepted and replayed on subsequent server requests?
Sep 21 2023 10:39 PM
@marcuswelby - Thanks for raising this issue. We will check this internally and will get back to you with updates.
Sep 22 2023 06:18 AM
@marcuswelby - The preferred approach for building Teams apps is to use single-page applications (SPAs) and the Teams JavaScript client library. SPAs provide a more seamless user experience within Teams and allow you to leverage the full capabilities of the Teams platform.
Here's an example of how you can implement token-based authentication in your Java application:
```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
...
String token = Jwts.builder()
    .setSubject("user123")
    .signWith(SignatureAlgorithm.HS256, "secretKey")
    .compact();
response.addHeader("Authorization", "Bearer " + token);
```
```javascript
fetch('https://mysite.com/testapp/page1', {
  headers: {
    'Authorization': 'Bearer ' + token
  }
})
  .then(response => response.json())
  .then(data => {
    // Handle the response data
  })
  .catch(error => {
    // Handle any errors
  });
```
Thanks,
Prasad Das
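Added example (not part of the thread, and not jjwt or Teams code): the reply above issues an HS256 token but does not show the check the "page1" handler has to make when the `Authorization` header arrives. This JDK-only sketch issues the same kind of token with an added `exp` claim and verifies it; the class name, method names and claim layout are assumptions made for the illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;

public class BearerTokenDemo {  // hypothetical class, for illustration only
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    // Fixed header: the verifier accepts only HS256, never an alg chosen by the client.
    static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    static final Pattern CLAIMS = Pattern.compile("\\{\"sub\":\"([A-Za-z0-9_.-]+)\",\"exp\":(\\d{1,12})\\}");
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Token = base64url(header) . base64url(claims) . base64url(HMAC over the first two parts)
    static String issue(byte[] key, String subject, long ttlSeconds) throws Exception {
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String signingInput = HEADER + "." + b64("{\"sub\":\"" + subject + "\",\"exp\":" + exp + "}");
        return signingInput + "." + ENC.encodeToString(hmac(key, signingInput));
    }

    // Returns the subject for a valid, unexpired token; null for anything else.
    static String verify(byte[] key, String authorization) throws Exception {
        if (authorization == null || !authorization.startsWith("Bearer ")) return null;
        String[] p = authorization.substring(7).split("\\.", -1);
        if (p.length != 3 || !p[0].equals(HEADER)) return null;
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) return null; // constant-time compare
            Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            if (!m.matches() || Long.parseLong(m.group(2)) <= Instant.now().getEpochSecond()) return null;
            return m.group(1);
        } catch (IllegalArgumentException e) { return null; } // malformed base64 fails closed
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];   // random demo key; a real service loads its key from a secret store
        new SecureRandom().nextBytes(key);
        String header = "Bearer " + issue(key, "user123", 300);
        System.out.println(verify(key, header));        // freshly issued token
        System.out.println(verify(key, header + "x"));  // signature altered
        System.out.println(verify(key, "Bearer " + issue(key, "user123", -1))); // already expired
    }
}
```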
Sep 22 2023 07:50 AM
Sep 24 2023 11:54 PM
@marcuswelby - Got it. We will check this with the engineering team internally and will update you accordingly. Thanks!
Sep 28 2023 01:49 PM