Validate Teams Authentication Token on Manipulation

Copper Contributor

I'm currently trying to use the authentication token of Microsoft Teams for my own applications.

So far I've implemented my tunneled(ngrok) app within a custom app created with App Studio. This app is a node.js server, which is based on the Quick Start Example found in the Azure Portal. This script uses the msal package to get an authentication token.  I was able to make it work and get a token of the Azure AD, but it seems to be different from the token you get at the beginning when you refresh the session of the web version of Mircosoft Teams. The token is displayed in console of your web browser. Sadly I couldn’t get a picture of the message, but it goes something like ‘success *your token*‘.

 

So I have following questions:

  1. Which token is the correct one, if I want to validate the user? (Both contain information data about the user, so I’m not quit sure)
  2. How do I validate the token on possible manipulation? (I want to use the authentication data for my other non Microsoft logins, but need to check if there are legit)

 

Already, thanks for everyone that is gonna help me with my problem here.

If someone could share an example, that would also be very nice. :)

3 Replies

@pkulla For authenticating app inside teams currently ADAL js is supported (not MSAL).

Can you please follow this doc for implementing authentication.

@subhasish-MSFT Thanks for suggestion, but I've already tried that. It didn't work for me. I'm not quit sure if I did something wrong, but it wouldn't give me any result. Also I read that for Azure ver. 2 you will need msal instead of adal. So, what should I do then?

@pkulla, Can you please share details about what error you got when you tried the sample.