User Profile
dhoelzl
Copper Contributor
Joined Jan 17, 2020
User Widgets
Recent Discussions
Teams Activity Feed Notifications / Multi-Tenant
Hello! I have some questions about Teams activity feed notifications and how they work in conjunction with tenants. What I currently have is: * In AAD registered an application in a tenant with permissions + admin consent to send activity notifications - the application was registered with signInAudience "AzureADMultipleOrgs" * Set the ID of that application as "webApplicationInfo" in the manifest of the teams application developed by us * Get an application token with a secret configured with this application from login.microsoft.com * Send an activity notification with that application token to a user by it's ID (the notifications are sent by our application) via graph.microsoft.com With this an activity notification can be sent to all users which have installed the teams application. But that only works if the user which the notification should be sent is also in the same tenant than the application was registered. If the user has the application installed but is from an other tenant, an error message like "the user cannot be found in the tenant" occurs. As the ID of the registered application is also part of the manifest I don't understand how it would be possible for an other organisation to install our teams application and we can send activity notifications to their users in their tenant. The other organisation could themselves register an application in their ADD with appropriate access rights and configure access to it so that our application could send notifications to their users, but as the ID is in the manifest this would not be possible as that ID always points to our tenant. I tried removing the "webApplicationInfo" entry from the manifest, but without it sending notification does not work at all. What I am missing here? My main questions: * How would it be possible to send activity notifications to users in different tenants for a Teams application in the store (so no manifest change is possible)? * Why is sending notifications restricted to only the tenant the application was registered in? Should a limitation to users which have the application installed not be enough restriction? Thank you and regards, Dominik2.3KViews2likes2CommentsRe: Access session (UniversalBot.loadSession) and it's userData from tab
subhasish-MSFT Thank you! So with this I can access the session before teams retrieves an URL to the configuration page, so that I can attach an oAuth access token (or the id/aadObjectId) as URL parameter which later can be accessed when handling the GET-Request of the configuration page itself? May this be insecure? Where is the documentation about that? I can see that the C#-equivalent is OnTeamsMessagingExtensionConfigurationQuerySettingUrlAsync (found at https://github.com/microsoft/botbuilder-dotnet/blob/master/libraries/Microsoft.Bot.Builder/Teams/TeamsActivityHandler.cs), but I cannot find any reference documentation for this. How does this interfere with the configured configurationUrl in the manifest? I will try and play around with this. Regards, Dominik1.5KViews0likes0CommentsRe: Access session (UniversalBot.loadSession) and it's userData from tab
subhasish-MSFT Thank you for your reply! I have configured a configurable tab like this: "configurableTabs": [ { "configurationUrl": "<a href="https://XXXXXXXX.ngrok.io/tab/configure" target="_blank">https://XXXXXXXX.ngrok.io/tab/configure</a>", "canUpdateConfiguration": true, "scopes": [ "team" ] } ] I am using Node/express: app.get("/tab/configure", (req, res) => { res.render("configure") }); And I get called via GET-Request: req.url: "/tab/configure" req.method: "GET" req.rawHeaders: "["Host","XXXXXXXX.ngrok.io", "Accept","text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8", "Accept-Encoding","gzip, deflate, br", "Referer","<a href="https://teams.microsoft.com/iframe-container.html" target="_blank">https://teams.microsoft.com/iframe-container.html</a>", "Upgrade-Insecure-Requests","1", "User-Agent","Mozilla/5.0" (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.362 Chrome/66.0.3359.181 Electron/3.1.13 Safari/537.36", "X-Forwarded-Proto","https","X-Forwarded-For","XXX.XXX.XXX.XXX"]" Where can I access the id and aadObjectId? Do I miss something? I cannot see any header or URL-argument containing authentication information. When I dump the result of microsoftTeams.getContext on my configuration page, there is also no id or aadObjectId, and as stated in the docs this information must not be used for user authentication anyway. Thank you and regards, Dominik1.5KViews0likes2CommentsSearch Messaging Extension / Images with OAuth authentication / SVG support / DATE/TIME-formatting
Hello! I am implementing a Teams App with a search messaging extension (manifest: composeExtensions/commands/id "search") which outputs an attachment list via builder.ThumbnailCard/builder.CardImage/builder.cardAction/... I am encountering the following problems: The image URLs seem to be unauthenticated and so far I could not find any way to access the address object to obtain the session and access e.g. OAuth access tokens assigned with the current user/session. There are no headers sent which could be used for that. As the images contain sensitive data, only users authenticated against our service are able to request them via the public service. I can use data URIs as a workaround, but they cannot be updated. SVG support (content-type: image/svg+xml) for images in the attachment list, to be able to provide scale independent icons. Support for "{{DATE}}" and "{{TIME}}" formatting in the text attribute is missing (as stated in the docs). Is there any way to correctly display a date/time in the user's time zone and the user's formatting preferences there? Thank you and Regards, DominikAccess session (UniversalBot.loadSession) and it's userData from tab
Hello! Is there any possibility to access the current session (UniversalBot.loadSession with an address object) and the associated userData when handling a request for a tab? There is microsoftTeams.getContent on the tab client side, but that information is insecure and cannot be used for authentication as stated in the docs. When handling a bot request, e.g. handling a messaging extension request for a search which needs authentication to an external IDP, this information can be accessed through the address object from the event object in an onQuery-handler, but so far I could not figure out how to do this when handling a request for a tab. Especially I don't know how to access the address object with which the session can be loaded. I would need this to use one single authentication flow with the bot but not an additional tab based authentication flow. I want to avoid using microsoftTeams.authentication.authenticate as a second parallel authentication flow to the bot authentication initiated with responding with composeExtension/type "auth"/"openUrl". Using two parallel authentication flows may confuse the user as e.g. when the user first uses the tab flow the bot/messaging extension needs an additional authentication, and when using the bot flow first the tab can be authenticated through localStorage (writing the access token into the localStore in the authentication callback site) on the machine where the authentication took place, but when signed in to Teams simultaneously on another machine, the bot can use the access token there too, as the Teams sessions is the same, but the tab is not authenticated as it cannot access the session. Regards, DominikCustom Teams Cloud Store Provider
Hello! I am developing an app for Microsoft Teams which interacts with our cloud service and I would like to know how to integrate a custom cloud storage provider into Teams (Teams: Files -> Add cloud storage). Currently I have only the options "Citrix files", "Dropbox", "Box" and "OneDrive", but I would like to have a custom option to add our cloud service. I could not find any hints about extending this in the app manifest description (https://docs.microsoft.com/en-us/microsoftteams/platform/resources/schema/manifest-schema) nor any hints in the Microsoft Teams app developer reference. How can I do this? Thank you and Regards, Dominik
Recent Blog Articles
No content to show