Updates from: 02/24/2022 02:22:29
Service Microsoft Docs article Related commit history on GitHub Change details
platform Auth Aad Sso Bots https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/bots/how-to/authentication/auth-aad-sso-bots.md
# Single sign-on (SSO) support for bots
-Single sign-on authentication in Azure Active Directory silently refreshes the authentication token to minimize the number of times users need to enter their sign-in credentials. If users agree to use your app, they don't have to provide consent again on another device as they're signed in automatically. Tabs and bots have similar flow for SSO support. But bot [requests tokens](#request-a-bot-token) and [receives responses](#receive-the-bot-token) with a different protocol.
+Single sign-on authentication in Microsoft Azure Active Directory (Azure AD) silently refreshes the authentication token to minimize the number of times users need to enter their sign in credentials. If users agree to use your app, they don't have to provide consent again on another device as they're signed in automatically. Tabs and bots have similar flow for SSO support. But bot [requests tokens](#request-a-bot-token) and [receives responses](#receive-the-bot-token) with a different protocol.
>[!NOTE] > OAuth 2.0 is an open standard for authentication and authorization used by Azure AD and many other identity providers. A basic understanding of OAuth 2.0 is a prerequisite for working with authentication in Teams.
The following steps help you with authentication and bot application tokens:
1. Azure AD sends the bot application token to the Teams application.
-1. Teams sends the token to the bot as part of the value object returned by the invoking with **sign-in/tokenExchange**.
+1. Teams sends the token to the bot as part of the value object returned by the invoking with **sign in/tokenExchange**.
1. The parsed token in the bot application provides the required information, such as the user's email address.
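Review bot: The invoke name in the second numbered step now reads **sign in/tokenExchange**, with a space, because the hyphen was removed along with the prose uses of "sign-in". This is the activity name a bot compares against when it handles the invoke, not running text, so a terminology substitution should not touch it. Set it in code formatting with the exact string the channel sends, and exclude it from the style replace.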
The steps to register your app through the Azure AD portal are similar to the [t
> * If you are building a standalone bot, enter the Application ID URI as `api://botid-{YourBotId}`. Here *YourBotId* is your Azure AD application ID. > * If you are building an app with a bot and a tab, enter the Application ID URI as `api://fully-qualified-domain-name.com/botid-{YourBotId}`.
-1. Select the permissions that your application needs for the Azure AD endpoint and, optionally, for Microsoft Graph.
-1. [Grant permissions](/azure/active-directory/develop/v2-permissions-and-consent) for Teams desktop, web, and mobile applications.
1. Select **Add a scope**. 1. In the panel that prompts, enter `access_as_user` as the **Scope name**.
The steps to register your app through the Azure AD portal are similar to the [t
![Redirect uris](~/assets/images/authentication/SSO-bots-auth/configure-web.png)
-1. Add necessary **API Permissions**.
- * Select **API permissions** from the left plane.
- * Select **Add a platform** to add any user delegated permissions that your app requires to downstream APIs, for example, User.Read.
- 1. The following steps will help you to enable implicit grant: * Select **Authentication** from the left pane. * Select the **Access tokens** and **ID tokens** checkboxes.
The steps to register your app through the Azure AD portal are similar to the [t
* Select **Save** to save the changes.
+1. Add necessary **API Permissions**.
+ * Select **API permissions** from the left pane.
+ * Select **Add a platform** to add any permissions that your app requires to downstream APIs, for example, User.Read.
+ #### Update manifest in Microsoft Azure portal The following steps will guide you to update the bot manifest in Azure portal:
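Review bot: The re-added sub-step under **API Permissions** changes "any user delegated permissions" to "any permissions", which drops the hint that the downstream permissions for this flow are user-scoped. Keep "delegated" so the step continues to steer readers toward permissions of the same kind as the `User.Read` example rather than anything the portal offers.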
The following steps will guide you to update the Azure portal with the OAuth con
* From the **Service Provider** drop-down, select **Azure Active Directory v2**. * Enter the client credentials, such as **Client Id** and **Client secret** for the Azure AD application.
- * For the **Token Exchange URL**, use the scope value defined in [Update your Teams application manifest for your bot](#update-your-teams-application-manifest-for-your-bot). The Token Exchange URL indicates to the SDK that this Azure AD application is configured for SSO.
+ * For the **Token Exchange URL**, use the scope value defined in [Update your Teams application manifest for your bot](#update-your-teams-application-manifest-for-your-bot) for example, `api://botid-<your-app-id>/`. The Token Exchange URL indicates to the SDK that this Azure AD application is configured for SSO.
* In the **Tenant ID**, enter *common*. * Add all the **Scopes** configured when specifying permissions to downstream APIs for your Azure AD application. With the Client ID and Client secret provided, the token store exchanges the token for a graph token with defined permissions. * Select **Save**.
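Review bot: The new example for **Token Exchange URL**, `api://botid-<your-app-id>/`, does not match the forms given earlier on the page, where the Application ID URI is written `api://botid-{YourBotId}` (or with the domain prefix for a bot plus tab) and the scope is named `access_as_user`. The sentence says to use "the scope value", but the example is an Application ID URI with a trailing slash and no scope name, so a reader cannot tell which string to paste. State which of the two is expected, reuse the `{YourBotId}` placeholder, and add a comma before "for example".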
If the application contains a bot and a tab, then use the following code to add
#### Request a bot token
-The request to get the token is a normal POST message request using the existing message schema. It's included in the attachments of an OAuthCard. The schema for the OAuthCard class is defined in [Microsoft Bot Schema 4.0](/dotnet/api/microsoft.bot.schema.oauthcard?view=botbuilder-dotnet-stable&preserve-view=true) and it's similar to a sign-in card. Teams treats this request as a silent token acquisition if the `TokenExchangeResource` property is populated on the card. For the Teams channel, only the `Id` property, which uniquely identifies a token request, is honored.
+The request to get the token is a normal POST message request using the existing message schema. It's included in the attachments of an OAuthCard. The schema for the OAuthCard class is defined in [Microsoft Bot Schema 4.0](/dotnet/api/microsoft.bot.schema.oauthcard?view=botbuilder-dotnet-stable&preserve-view=true) and it's similar to a sign in card. Teams treats this request as a silent token acquisition if the `TokenExchangeResource` property is populated on the card. For the Teams channel, only the `Id` property, which uniquely identifies a token request, is honored.
>[!NOTE] > The Microsoft Bot Framework `OAuthPrompt` or the `MultiProviderAuthDialog` is supported for SSO authentication.
If the user is using the application for the first time and user consent is requ
When the user selects **Continue**, the following events occur:
-* If the bot defines a sign-in button, the sign-in flow for bots is activated that is similar to the sign-in flow from an OAuth card button in a message stream. The developer must decide which permissions require user's consent. This approach is recommended if you require a token with permissions beyond `openId`. For example, if you want to exchange the token for graph resources.
+* If the bot defines a sign in button, the sign in flow for bots is activated that is similar to the sign in flow from an OAuth card button in a message stream. The developer must decide which permissions require user's consent. This approach is recommended if you require a token with permissions beyond `openId`. For example, if you want to exchange the token for graph resources.
-* If the bot isn't providing a sign-in button on the OAuth card, user consent is required for a minimal set of permissions. This token is useful for basic authentication and to get the user's email address.
+* If the bot isn't providing a sign in button on the OAuth card, user consent is required for a minimal set of permissions. This token is useful for basic authentication and to get the user's email address.
-##### C# token request without a sign-in button
+##### C# token request without a sign in button
```csharp var attachment = new Attachment
When the user selects **Continue**, the following events occur:
#### Receive the bot token
-The response with the token is sent through an invoke activity with the same schema as other invoke activities that the bots receive today. The only difference is the invoke name, **sign-in/tokenExchange**, and the **value** field. The **value** field contains the **Id**, a string of the initial request to get the token and the **token** field, a string value including the token.
+The response with the token is sent through an invoke activity with the same schema as other invoke activities that the bots receive today. The only difference is the invoke name,
+**sign in/tokenExchange**, and the **value** field. The **value** field contains the **Id**, a string of the initial request to get the token and the **token** field, a string value including the token.
>[!NOTE] > You might receive multiple responses for a given request if the user has multiple active endpoints. You must deduplicate the responses with the token.
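Review bot: The invoke name is again rewritten as **sign in/tokenExchange**, and the sentence is now split across two added lines after "the invoke name,". A bot dispatches on this name and, per the note that follows, has to deduplicate responses, so the name and the **Id** and **token** fields should be given as exact literals in code formatting rather than bold prose that a style pass can alter. Rejoin the sentence onto one line.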
platform Teams Store Ranking Parameters https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/concepts/deploy-and-publish/appsource/post-publish/teams-store-ranking-parameters.md
+
+ Title: Microsoft Teams store ranking parameters
+description: The Microsoft Teams store ranks app search results in the store using a set of ranking parameters to deliver relevant search results to users.
+
+ms.localizationpriority: medium
+++
+# Microsoft Teams store ranking parameters
+
+The information in this disclosure statement applies to the Microsoft Teams store in which Microsoft makes third-party apps available to users. The Microsoft Teams store ranks app search results in the store using a set of ranking parameters to deliver relevant search results to users. The ranking parameters listed aren't exhaustive and they're intended to provide our publisher community with a high-level understanding of the main parameters the storefront use in ranking determinations. All defined terms used but not otherwise defined herein will have the meaning ascribed thereto in the Microsoft Publisher Agreement.
+
+The Microsoft Teams store editorial team determines the prominence and location of an app within the Editorial sections such as promo banner on the Microsoft Teams store based on ranking parameters, and are used as objective criteria applied equally to all apps in the Microsoft Teams store that includes MicrosoftΓÇÖs own apps and all third-party developer apps. Following are the main parameters used to determine app placements:
+
+* Historical usage data: Apps with higher volumes of usage in the Teams store tend to rank higher than apps with lower usage.
+
+* User engagement data: Apps with higher user engagement in the Teams store tend to rank higher than apps with lower engagement.
+
+* App quality and value: Apps that have distinct value and provide a high-quality user experience tend to rank higher.
+
+* Audience relevance: Apps that are likely to be more relevant to a particular audience (for example, based on their language settings and license type such as, Education, Enterprise, or Small and Medium business) tend to rank higher than apps that are likely to be less relevant.
+
+* App update or new release: Newly released or updated high-quality apps tend to rank higher than apps that were released or updated on an earlier date.
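Review bot: In the front matter of the new file, the first key is written ` Title:` with a leading space and a capital T, while `description:` and `ms.localizationpriority:` are lowercase and unindented; use `title:` at column 0 so the metadata keys are consistent. In the body, "MicrosoftΓÇÖs" is a mis-encoded apostrophe that will be published as written, and "the storefront use" should be "the storefront uses".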
platform Teams Store Validation Guidelines https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/concepts/deploy-and-publish/appsource/prepare/teams-store-validation-guidelines.md
Following these guidelines increases the chances of your app to pass the Microso
> [!NOTE] > * Some guidelines may not be applicable to your app. For example, if your app doesn't include a bot, you can ignore bot-related guidelines. > * We've cross-referenced these guidelines to the Microsoft commercial certification policies and added DoΓÇÖs and DonΓÇÖts with examples from pass or fail scenarios encountered in our validation process.
-> * Certain guidelines are marked as *Mandatory Fix*. If your app submission doesn't meet these mandatory guidelines, you'll receive a failure report from us with steps to mitigate. Your app submission will pass Microsoft Teams Store Validation only after you have fixed the issues.
+> * Certain guidelines are marked as *Mandatory Fix*. If your app submission doesn't meet these mandatory guidelines, you'll receive a failure report from us with steps to mitigate. Your app submission will pass Microsoft Teams store Validation only after you have fixed the issues.
> * Other guidelines are marked as *Suggested Fix*. For an ideal user experience, we suggest that you fix the issues, however, your app submission will not be blocked from publishing on the Teams store, if you choose not to fix the issues.
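Review bot: The replacement lowercases only one word, leaving "Microsoft Teams store Validation" with a capitalized "Validation" mid-sentence. Write "Microsoft Teams store validation" to match the lowercase "Teams store" in the bullet that follows.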
For more information on how to implement app authentication, see [authentication
* Apps that require tenant admin to complete one time setup must call out dependency on tenant admin to configure the app (before any other tenant user can install and use the app). Dependency must be called out in the appΓÇÖs manifest, AppSource long description, all first run experience touchpoints (bot welcome message, tab setup or config page), help text as considered necessary as part of bot response, compose extension, or static tab content.
-* **Content sharing experiences**: Apps that require authentication with an external service to share content in Teams channels must clearly state in the help documentation (or similar resources) on how to disconnect or unshare content if that feature is supported on the external service. This does not mean the ability to un share content must be present in your Teams app.
+* **Content sharing experiences**: Apps that require authentication with an external service to share content in Teams channels must clearly state in the help documentation (or similar resources) on how to disconnect or unshare content if that feature is supported on the external service. This doesn't mean the ability to un share content must be present in your Teams app.
## Security > [!NOTE]
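Review bot: The edited **Content sharing experiences** bullet still ends with "un share" as two words, although the same bullet uses "unshare" earlier. Since the line is already being touched for the contraction, correct it to "unshare" in the same change.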
Bots must always ask permission to upload a file and display a confirmation mess
> [!NOTE] > This section is inline with [Microsoft commercial marketplace policy number 1140.3.3](/legal/marketplace/certification-policies#114033-external-domains) and provides developer guidance on usage of restricted domains in the `validDomains` manifest property.
-Don't include domains outside of your organization's control (including wildcards) and tunnelling services in your app's domain configurations. The following exceptions include:
+Don't include domains outside of your organization's control (including wildcards) and tunneling services in your app's domain configurations. The following exceptions include:
* If your app uses the Azure Bot Service's OAuthCard, you must include `token.botframework.com` as a valid domain or the **Sign in** button won't work. * If your app relies on SharePoint, you can include the associated root SharePoint site as a valid domain using the `{teamSiteDomain}` context property.
platform Publish https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/concepts/deploy-and-publish/appsource/publish.md
When you feel your app is production ready, you can begin the process of getting
* [Plan onboarding experience for users](../../design/planning-checklist.md#plan-beyond-app-building) * [Distributing tab apps on mobile](../../../tabs/design/tabs-mobile.md#distribution) * [Test preview for monetized apps](prepare/Test-preview-for-monetized-apps.md)
+* [Microsoft Teams store ranking parameters](post-publish/teams-store-ranking-parameters.md)
platform Auth Aad Sso https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/tabs/how-to/authentication/auth-aad-sso.md
Use the following code to add new properties to your Teams manifest:
### 3. Get an access token from your client-side code
+> [!NOTE]
+> To avoid errors such as `Teams SDK Error: resourceDisabled`, ensure that Application ID URI is configured properly in Azure AD app registration and in your Teams app.
+ Use the following authentication API: ```javascript
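Review bot: The added note asks readers to ensure the Application ID URI "is configured properly" without saying what a correct configuration looks like, so it names the `resourceDisabled` error but gives no way to resolve it. Say which value in the Teams app has to agree with the Application ID URI in the Azure AD app registration, and link to the steps where each one is set.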
platform Whats New https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/whats-new.md
Discover Microsoft Teams platform features that are generally available (GA) and
| Date | Update | Find here | | | | |
+| 02/23/2022 |Microsoft Teams store ranking parameters| Distribute your app > Publish to the Teams store > [Microsoft Teams store ranking parameters](concepts/deploy-and-publish/appsource/post-publish/teams-store-ranking-parameters.md)|
| 02/18/2022 | Introduced extensive Glossary for the Microsoft Teams Developer Documentation to help you find the definition about a term quickly | [Glossary](~/get-started/glossary.md) | | 02/18/2022 | Updated the Overview module for mapping Teams app to organizational goals, user story, and exploring Teams app features | [Overview > Teams app that fits](overview.md) | | 02/18/2022 | Updated the App fundamentals module to Plan your app to include mapping use cases to Teams features, and app planning checklist | [Plan your app > Overview](~/concepts/app-fundamentals-overview.md) |
Microsoft Teams platform features that are available to all app developers.
| **Date** | **Update** | **Find here** | | -- | | -|
+| 02/23/2022 |Microsoft Teams store ranking parameters| Distribute your app > Publish to the Teams store > [Microsoft Teams store ranking parameters](concepts/deploy-and-publish/appsource/post-publish/teams-store-ranking-parameters.md)|
| 02/18/2022 | Introduced extensive Glossary for the Microsoft Teams Developer Documentation to help you find the definition about a term quickly | [Glossary](~/get-started/glossary.md) | | 02/18/2022 | Updated the Overview module for mapping Teams app to organizational goals, user story, and exploring Teams app features | [Overview > Teams app that fits](overview.md) | | 02/18/2022 | Updated the App fundamentals module to Plan your app to include mapping use cases to Teams features, and app planning checklist | [Plan your app > Overview](~/concepts/app-fundamentals-overview.md) |