Updates from: 08/26/2022 01:19:45
Service Microsoft Docs article Related commit history on GitHub Change details
platform API References https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/apps-in-teams-meetings/API-references.md
The following table provides a list of APIs available across the Microsoft Teams
|[**Get app content stage sharing state**](#get-app-content-stage-sharing-state-api)| Fetch information about app's sharing state on the meeting stage. | [MSTC SDK](/javascript/api/@microsoft/teams-js/meeting.iappcontentstagesharingstate) | |[**Get app content stage sharing capabilities**](#get-app-content-stage-sharing-capabilities-api)| Fetch the app's capabilities for sharing to the meeting stage. | [MSTC SDK](/javascript/api/@microsoft/teams-js/meeting.iappcontentstagesharingcapabilities) | |[**Get real-time Teams meeting events**](#get-real-time-teams-meeting-events-api)|Fetch real-time meeting events, such as actual start and end time.| [MSBF SDK](/dotnet/api/microsoft.bot.builder.teams.teamsactivityhandler.onteamsmeetingstartasync?view=botbuilder-dotnet-stable&preserve-view=true) |
-| [**Get incoming audio speaker**](#get-incoming-audio-speaker) | Allows an app to get the incoming audio speaker setting for the meeting user.| [MSTC SDK](/javascript/api/@microsoft/teams-js/microsoftteams.meeting?view=msteams-client-js-latest&preserve-view=true) |
-| [**Toggle incoming audio**](#toggle-incoming-audio) | Allows an app to toggle the incoming audio speaker setting for the meeting user from mute to unmute or vice-versa.| [MSTC SDK](/javascript/api/@microsoft/teams-js/microsoftteams.meeting?view=msteams-client-js-latest&preserve-view=true) |
+| [**Get incoming audio state**](#get-incoming-audio-state) | Allows an app to get the incoming audio state setting for the meeting user.| [MSTC SDK](/javascript/api/@microsoft/teams-js/microsoftteams.meeting?view=msteams-client-js-latest&preserve-view=true) |
+| [**Toggle incoming audio**](#toggle-incoming-audio) | Allows an app to toggle the incoming audio state setting for the meeting user from mute to unmute or vice-versa.| [MSTC SDK](/javascript/api/@microsoft/teams-js/microsoftteams.meeting?view=msteams-client-js-latest&preserve-view=true) |
## Get user context API
The following code provides an example of meeting end event payload:
| **value.EndTime** | The meeting end time in UTC. | | **locale**| The locale of the message set by the client. |
-## Get incoming audio speaker
+## Get incoming audio state
-The `getIncomingClientAudioState` API allows an app to get the incoming audio speaker setting for the meeting user. The API is available through the Teams client SDK.
+The `getIncomingClientAudioState` API allows an app to get the incoming audio state setting for the meeting user. The API is available through the Teams client SDK.
> [!NOTE] > > * The `getIncomingClientAudioState` API for mobile is currently available in [Public Developer Preview](../resources/dev-preview/developer-preview-intro.md). > * Resource specific consent is available for manifest version 1.12 and later versions, hence this API doesn't work for manifest version 1.11 and earlier versions.
-### Query parameter
-
-The following table includes the query parameter:
-
-|Value|Type|Required|Description|
-|||-||
-|**callback**| String | Yes | Callback contains two parameters `error` and `result`. The *error* can either contain an error type `SdkError` or `null` when the audio fetch is successful. The *result* can either contain true or false value when the audio fetch is successful or null when the audio fetch fails. The incoming audio is muted if the result is true and unmuted if the result is false. |
+### Manifest
+```JSON
+"authorization": {
+ "permissions": {
+ "resourceSpecific": [
+ {
+ "name": "OnlineMeetingParticipant.ToggleIncomingAudio.Chat",
+ "type": "Delegated"
+ }
+ ]
+ }
+ }
+```
+
### Example
-```typescript
-function getIncomingClientAudioState(
- callback: (error: SdkError | null, result: boolean | null) => void,
- ): void {
- if (!callback) {
- throw new Error('[get incoming client audio state] Callback cannot be null');
+```javascript
+callback = (errcode, result) => {
+ if (errcode) {
+ // Handle error code
+ }
+ else {
+ // Handle success code
+ }
}
- ensureInitialized(FrameContexts.sidePanel, FrameContexts.meetingStage);
- sendMessageToParent('getIncomingClientAudioState', callback);
- }
+microsoftTeams.meeting.getIncomingClientAudioState(this.callback)
```
+### Query parameter
+The following table includes the query parameter:
+
+|Value|Type|Required|Description|
+|||-||
+|**callback**| String | Yes | Callback contains two parameters `error` and `result`. The *error* can either contain an error type `SdkError` or `null` when the audio fetch is successful. The *result* can either contain true or false value when the audio fetch is successful or null when the audio fetch fails. The incoming audio is muted if the result is true and unmuted if the result is false. |
+
### Response codes The following table provides the response codes:
The following table provides the response codes:
## Toggle incoming audio
-The `toggleIncomingClientAudio` API allows an app to toggle the incoming audio speaker setting for the meeting user from mute to unmute or vice-versa. The API is available through the Teams client SDK.
+The `toggleIncomingClientAudio` API allows an app to toggle the incoming audio state setting for the meeting user from mute to unmute or vice-versa. The API is available through the Teams client SDK.
> [!NOTE] > > * The `toggleIncomingClientAudio` API for mobile is currently available in [Public Developer Preview](../resources/dev-preview/developer-preview-intro.md). > * Resource specific consent is available for manifest version 1.12 and later versions, hence this API doesn't work for manifest version 1.11 and earlier versions.
-### Query parameter
-
-The following table includes the query parameter:
-
-|Value|Type|Required|Description|
-|||-||
-|**callback**| String | Yes | Callback contains two parameters `error` and `result`. The *error* can either contain an error type `SdkError` or `null` when the toggle is successful. The *result* can either contain true or false value, when the toggle is successful or null when the toggle fails. The incoming audio is muted if the result is true and unmuted if the result is false. |
+### Manifest
+```JSON
+"authorization": {
+ "permissions": {
+ "resourceSpecific": [
+ {
+ "name": "OnlineMeetingParticipant.ToggleIncomingAudio.Chat",
+ "type": "Delegated"
+ }
+ ]
+ }
+}
+```
+
### Example
-```typescript
-function toggleIncomingClientAudio(callback: (error: SdkError | null, result: boolean | null) => void): void {
- if (!callback) {
- throw new Error('[toggle incoming client audio] Callback cannot be null');
+```javascript
+callback = (error, result) => {
+ if (error) {
+ // Handle error code
+ }
+ else {
+ // Handle success code
+ }
}
- ensureInitialized(FrameContexts.sidePanel, FrameContexts.meetingStage);
- sendMessageToParent('toggleIncomingClientAudio', callback);
- }
+microsoftTeams.meeting.toggleIncomingClientAudio(this.callback)
```
+
+### Query parameter
+
+The following table includes the query parameter:
+|Value|Type|Required|Description|
+|||-||
+|**callback**| String | Yes | Callback contains two parameters `error` and `result`. The *error* can either contain an error type `SdkError` or `null` when the toggle is successful. The *result* can either contain true or false value, when the toggle is successful or null when the toggle fails. The incoming audio is muted if the result is true and unmuted if the result is false.
+
### Response code The following table provides the response codes:
platform Analyze Your Apps Usage In Developer Portal https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/concepts/build-and-test/analyze-your-apps-usage-in-developer-portal.md
You can view your app's usage and other insights from the **Analytics** page. To
1. Select the required app from the **Apps** page. 1. Select **Analytics** under the **Overview** or select **View details** under the **Active Users (Preview)** card.
- :::image type="content" source="../../assets/images/tdp/dev-app-portal.png" alt-text="The screenshots shows you the analytics page of your app in Developer Portal."lightbox="../../assets/images/tdp/dev-app-portal.png":::
+ :::image type="content" source="../../assets/images/tdp/dev-app-portal.png" alt-text="The screenshots shows you the analytics page of your app in Developer Portal."lightbox="../../assets/images/tdp/dev-app-portal.png":::
As you explore individual metrics on this page, you can use the **Filter** button to analyze your app's usage from the following filter options:
platform Deep Links https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/concepts/build-and-test/deep-links.md
The Microsoft Teams JavaScript client SDK (TeamsJS) simplifies the process of na
[!INCLUDE [sdk-include](~/includes/sdk-include.md)] > [!NOTE]
->
> The behavior of deep links is dependent on a number of factors. The following list outlines the behavior of deep links on Teams entities. > > **Tab**:
platform Manage Your Apps In Developer Portal https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/concepts/build-and-test/manage-your-apps-in-developer-portal.md
To add a bot:
1. In the Bot management page, select **New Bot**. 1. Enter the name and select **Add**.
+ :::image type="content" source="../../assets/images/tdp/tools-in-dev-portal.png" alt-text="The screenshot is an example that shows the tools in developer portal, which helps you to build key features.":::
-From the Developer portal, you can go to Bot framework portal and configure your bot to update icon and other properties.
+From the Developer Portal, you can go to Bot Framework Portal and configure your bot to update icon and other properties.
## See also
platform Fetch Id https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/graph-api/meeting-transcripts/fetch-id.md
To obtain meeting ID and organizer ID from tenant-level notification:
Use the following example to request the transcript ID: ```http
- GET https://graph.microsoft.com/beta/users('14b779ae-cb64-47e7-a512-52fd50a4154d')/onlineMeetings/('MSoxNGI3NzlhZS1jYjY0LTQ3ZTctYTUxMi01MmZkNTBhNDE1NGQqMCoqMTk6bWVldGluZ19ObVUwTlRreFl6TXRNMlkyTXkwME56UmxMV0ZtTjJZdE5URmlNR001T1dNM1pqWTJAdGhyZWFkLnYy')/transcripts
+ GET https://graph.microsoft.com/beta/users('14b779ae-cb64-47e7-a512-52fd50a4154d')/onlineMeetings('MSoxNGI3NzlhZS1jYjY0LTQ3ZTctYTUxMi01MmZkNTBhNDE1NGQqMCoqMTk6bWVldGluZ19ObVUwTlRreFl6TXRNMlkyTXkwME56UmxMV0ZtTjJZdE5URmlNR001T1dNM1pqWTJAdGhyZWFkLnYy')/transcripts
``` In this example:
platform Sdk Include https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/includes/sdk-include.md
> [!NOTE] > This topic reflects version 2.0.x of the Microsoft Teams JavaScript client SDK. If you are using an earlier version, refer to the [Teams JS SDK overview](msteams-docs/msteams-platform/tabs/how-to/../../../../../tabs/how-to/using-teams-client-sdk.md) for guidance on the differences between the latest TeamsJS and earlier versions.-
platform Add Authentication https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/messaging-extensions/how-to/add-authentication.md
[!include[v4-to-v3-SDK-pointer](~/includes/v4-to-v3-pointer-me.md)]
+> [!NOTE]
+> After adding authentication to the message extension, the user must add "**token.botframework.com**" to the "**validDomains**" section in the manifest.
+ ## Identify the user Every request to your services includes the user ID, the user's display name, and Azure Active Directory object ID.
To prompt an unauthenticated user, to sign in, respond with a suggested action o
Your sign in experience must be responsive and fit within a pop-up window. It should integrate with the [Microsoft Teams JavaScript client SDK](/javascript/api/overview/msteams-client), which uses message passing.
-As with other embedded experiences running inside Microsoft Teams, your code inside the window needs to first call `microsoftTeams.initialize()`. If your code performs an OAuth flow, you can pass the Teams user ID into your window, which then passes it to the OAuth sign-in URL.
+As with other embedded experiences running inside Microsoft Teams, your code inside the window needs to first call `app.initialize()`. If your code performs an OAuth flow, you can pass the Teams user ID into your window, which then passes it to the OAuth sign-in URL.
### Complete the sign in flow When the sign in request completes and redirects back to your page, it must perform the following steps: 1. Generate a security code, a random number. You must cache this code on your service, with the credentials obtained through the sign-in flow, such as OAuth 2.0 tokens.
-1. Call `microsoftTeams.authentication.notifySuccess` and pass the security code.
+1. Call `authentication.notifySuccess` and pass the security code.
At this point, the window closes and the control is passed to the Teams client. The client now reissues the original user query, along with the security code in the `state` property. Your code can use the security code to look up the credentials stored earlier to complete the authentication sequence and then complete the user request.
platform Auth Flow Tab https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/tabs/how-to/authentication/auth-flow-tab.md
You can enable authentication in your tab app using third party OAuth Identity P
> For authentication to work for your tab on mobile clients, you need to ensure that you're using at least 1.4.1 version of the Microsoft Teams JavaScript SDK. > Teams SDK launches separate window for authentication flow. Set the `SameSite` attribute to **Lax**. Teams desktop client or older versions of Chrome or Safari do not support `SameSite`=None. + ## Use OAuth IdP to enable authentication OAuth 2.0 is an open standard for authentication and authorization used by Microsoft Azure Active Directory (Azure AD) and many other identity providers. A basic understanding of OAuth 2.0 is a prerequisite for working with authentication in Teams. For more information, see [OAuth 2 simplified](https://aaronparecki.com/oauth-2-simplified/) that is easier to follow than the [formal specification](https://oauth.net/2/). Authentication flow for tabs and bots are different because tabs are similar to websites so they can use OAuth 2.0 directly. Bots do a few things differently, but the core concepts are identical.
For example, the authentication flow for tabs and bots using Node and the [OAuth
This section uses Azure AD as an example of a third party OAuth provider for enabling authentication in a tab app. > [!NOTE]
-> Before showing a **Login** button to the user and calling the `microsoftTeams.authentication.authenticate` API in response to selecting the button, you must wait for the SDK initialization to complete. You can pass a callback to the `microsoftTeams.initialize` API that is called when initialization completes.
+> Before showing a **Login** button to the user and calling the `authentication.authenticate` API in response to selecting the button, you must wait for the SDK initialization to complete. You can chain a `.then()` handler or `await` for the `app.initialize()` function to complete.
![Tab authentication sequence diagram](~/assets/images/authentication/tab_auth_sequence_diagram.png) 1. The user interacts with the content on the tab configuration or content page, commonly a **Sign in** or **Log in** button.
-2. The tab constructs the URL for its auth start page. Optionally, it uses information from URL placeholders or calls `microsoftTeams.getContext()` Teams client SDK method to streamline the authentication experience for the user. For example, when authenticating with A Azure AD, if the `login_hint` parameter is set to the user's email address, the user doesn't have to sign in if they've done so recently. This is because Azure AD uses the user's cached credentials. The pop-up window is shown briefly and then disappears.
-3. The tab then calls the `microsoftTeams.authentication.authenticate()` method and registers the `successCallback` and `failureCallback` functions.
+2. The tab constructs the URL for its auth start page. Optionally, it uses information from URL placeholders or calls `app.getContext()` Teams client SDK method to streamline the authentication experience for the user. For example, when authenticating with Azure AD, if the `login_hint` parameter is set to the user's email address, the user doesn't have to sign in if they've done so recently. This is because Azure AD uses the user's cached credentials. The pop-up window is shown briefly and then disappears.
+3. The tab then calls the `authentication.authenticate()` method.
4. Teams opens the start page in an iframe in a pop-up window. The start page generates random `state` data, saves it for future validation, and redirects to the identity provider's `/authorize` endpoint, such as `https://login.microsoftonline.com/<tenant ID>/oauth2/authorize` for Azure AD. Replace `<tenant id>` with your own tenant id that is context.tid. Similar to other application auth flows in Teams, the start page must be on a domain that is in its `validDomains` list, and on the same domain as the post sign in redirect page.
Similar to other application auth flows in Teams, the start page must be on a do
5. On the provider's site, the user sign in and grants access to the tab. 6. The provider takes the user to the tab's OAuth 2.0 redirect page with an access token.
-7. The tab checks that the returned `state` value matches what was saved earlier, and calls `microsoftTeams.authentication.notifySuccess()`, which in turn calls the `successCallback` function registered in step 3.
+7. The tab checks that the returned `state` value matches what was saved earlier, and calls `authentication.notifySuccess()`, which in turn calls the success handler (`.then()`) for the promise-based `authenticate()` method from step 3.
8. Teams closes the pop-up window. 9. The tab either displays configuration UI, refreshes, or reloads the tabs content, depending on where the user started from.
Similar to other application auth flows in Teams, the start page must be on a do
## Treat tab context as hints
-Although the tab context provides helpful information regarding the user, don't use this information to authenticate the user. Do authenticate the user even if you get the information as URL parameters to your tab content URL or by calling the `microsoftTeams.getContext()` function in the Microsoft Teams client SDK. A malicious actor can invoke your tab content URL with its own parameters. The actor can also invoke a web page impersonating Microsoft Teams to load your tab content URL in an iframe and return its own data to the `getContext()` function. You must treat the identity-related information in the tab context as a hint and validate it before using. Refer to the notes in [navigate to the authorization page from your pop-up page](~/tabs/how-to/authentication/auth-tab-aad.md#navigate-to-the-authorization-page-from-your-pop-up-page).
+Although the tab context provides helpful information regarding the user, don't use this information to authenticate the user. Do authenticate the user even if you get the information as URL parameters to your tab content URL or by calling the `app.getContext()` function in the Microsoft Teams client SDK. A malicious actor can invoke your tab content URL with its own parameters. The actor can also invoke a web page impersonating Microsoft Teams to load your tab content URL in an iframe and return its own data to the `getContext()` function. You must treat the identity-related information in the tab context as a hint and validate it before using. Refer to the notes in [navigate to the authorization page from your pop-up page](~/tabs/how-to/authentication/auth-tab-aad.md#navigate-to-the-authorization-page-from-your-pop-up-page).
## Code sample
platform Auth Oauth Provider https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/tabs/how-to/authentication/auth-oauth-provider.md
ms.localizationpriority: high
# Use external OAuth providers + You can support external or third-party (3P) OAuth providers, such as Google, GitHub, LinkedIn, and Facebook using the updated `authenticate()` API: ```JavaScript
-function authenticate(authenticateParameters?: AuthenticateParameters)
-```
+function authenticate(authenticateParameters: AuthenticatePopUpParameters): Promise<string>
+```
The following are added to the `authenticate()` API to support external OAuth providers: * `isExternal` parameter * Two placeholder values in the existing `url` parameter
-The following table provides the list of `authenticate()` API parameters and functions along with their descriptions:
+The following table provides the list of `authenticate()` API parameters (`AuthenticatePopUpParameters`) and functions along with their descriptions:
| Parameter| Description| | | | |`isExternal` | The type of parameter is Boolean, which indicates that the auth window opens in an external browser.|
-|`failureCallback`| The function is called if the authentication fails and the authentication pop-up specifies the reason for failure.|
|`height` |The preferred height for the pop-up. The value can be ignored if outside the acceptable bounds.|
-|`successCallback`| The function is called if the authentication succeeds, with the result returned from the authentication pop-up. Authcode is the result.|
|`url` <br>|The URL of 3P app server for the authentication pop-up, with the following two parameter placeholders:</br> <br> - `oauthRedirectMethod`: Pass placeholder in `{}`. This placeholder is replaced by deeplink or web page by Teams platform, which informs app server if the call is coming from mobile platform.</br> <br> - `authId`: This placeholder is replaced by UUID. The app server uses it to maintain session.| |`width`|The preferred width for the pop-up. The value can be ignored if outside the acceptable bounds.|
-For more information on parameters, see [authenticate parameters interface](/javascript/api/@microsoft/teams-js/microsoftteams.authentication.authenticateparameters?view=msteams-client-js-latest&preserve-view=true).
+For more information on parameters, see the [authenticate(AuthenticatePopUpParameters)](/javascript/api/@microsoft/teams-js/authentication#@microsoft-teams-js-authentication-authenticate) function.
## Add authentication to external browsers
The following image provides the flow to add authentication to external browsers
1. Initiate the external auth-login process.
- The 3P app calls the SDK function `microsoftTeams.authentication.authenticate` with `isExternal` set as true to initiate the external auth-login process.
+ The 3P app calls the SDK function `authentication.authenticate` with `isExternal` set as true to initiate the external auth-login process.
The passed `url` contains placeholders for `{authId}`, and `{oauthRedirectMethod}`. ```JavaScript
- microsoftTeams.authentication.authenticate({
+ import { authentication } from "@microsoft/teams-js";
+ authentication.authenticate({
url: 'https://3p.app.server/auth?oauthRedirectMethod={oauthRedirectMethod}&authId={authId}', isExternal: true, successCallback: function (result) {
The following image provides the flow to add authentication to external browsers
2. Teams link opens in an external browser.
- The Teams clients open the URL in an external browser after replacing the placeholders for `oauthRedirectMethod` and `authId` with suitable values.
+ The Teams clients open the URL in an external browser after replacing the placeholders for `oauthRedirectMethod` and `authId` with suitable values.
#### Example
The following image provides the flow to add authentication to external browsers
|`authId` | The request-id Teams created for this specific authentication request that needs to be sent back to Teams through deeplink.| > [!TIP]
- > The 3P app can marshal `authId`, `oauthRedirectMethod` in the OAuth `state` query parameter while generating the login URL for the OAuthProvider. The `state` contains the passed `authId` and `oauthRedirectMethod`, when OAuthProvider redirects back to the 3P server and the 3P app uses the values for sending authentication response back to Teams as described in **6. The 3P app server response to Teams**.
+ > The 3P app can marshal `authId`, `oauthRedirectMethod` in the OAuth `state` query parameter while generating the login URL for the OAuthProvider. The `state` contains the passed `authId` and `oauthRedirectMethod`, when OAuthProvider redirects back to the 3P server and the 3P app uses the values for sending authentication response back to Teams as described in **6. The 3P app server response to Teams**.
4. The 3P app server redirects to specified `url`.
- The 3P app server redirects to OAuth providers auth page in the external browser. The `redirect_uri` is a dedicated route on the 3P app server. You can register `redirect_uri` in the OAuth providerΓÇÖs dev console as static, the parameters need to be sent through the state object.
+ The 3P app server redirects to OAuth providers auth page in the external browser. The `redirect_uri` is a dedicated route on the 3P app server. You can register `redirect_uri` in the OAuth providerΓÇÖs dev console as static, the parameters need to be sent through the state object.
#### Example
platform Auth Silent Aad https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/tabs/how-to/authentication/auth-silent-aad.md
Include Active Directory Authentication Library in your tab pages and configure
### Get the user context
-In the tab's content page, call `microsoftTeams.getContext()` to get a sign-in hint for the current user. The hint is used as a `loginHint` in the call to Azure AD.
+In the tab's content page, call `app.getContext()` to get a sign-in hint for the current user. The hint is used as a `loginHint` in the call to Azure AD.
```javascript // Set up extra query parameters for Active Directory Authentication Library
authContext.acquireToken(config.clientId, function (errDesc, token, err, tokenTy
Active Directory Authentication Library parses the result from Azure AD by calling `AuthenticationContext.handleWindowCallback(hash)` in the sign-in callback page.
-Check that you have a valid user and call `microsoftTeams.authentication.notifySuccess()` or `microsoftTeams.authentication.notifyFailure()` to report the status to your main tab content page.
+Check that you have a valid user and call `authentication.notifySuccess()` or `authentication.notifyFailure()` to report the status to your main tab content page.
```javascript
+import { authentication } from "@microsoft/teams-js";
if (authContext.isCallback(window.location.hash)) { authContext.handleWindowCallback(window.location.hash); if (window.parent === window) { if (authContext.getCachedUser()) {
- microsoftTeams.authentication.notifySuccess();
+ authentication.notifySuccess();
} else {
- microsoftTeams.authentication.notifyFailure(authContext.getLoginError());
+ authentication.notifyFailure(authContext.getLoginError());
} } }
platform Auth Tab Aad https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/tabs/how-to/authentication/auth-tab-aad.md
Teams user profile information is stored in Azure AD using Microsoft Graph and t
OAuth 2.0 is an open standard for authentication used by Azure AD and many other service providers. Understanding OAuth 2.0 is a prerequisite for working with authentication in Teams and Azure AD. The examples below use the OAuth 2.0 Implicit Grant flow. It reads the user's profile information from Azure AD and Microsoft Graph.
-The code in this article comes from the Teams sample app [Microsoft Teams tab authentication sample (Node)](https://github.com/OfficeDev/microsoft-teams-sample-complete-node). It contains a static tab that requests an access token for Microsoft Graph, and shows the current user's basic profile information from Azure AD.
+The code in this article comes from the Teams sample app [Microsoft Teams Authentication Sample (Node)](https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/app-auth/nodejs). It contains a static tab that requests an access token for Microsoft Graph, and shows the current user's basic profile information from Azure AD.
For overview of authentication flow for tabs, see [Authentication flow in tabs](~/tabs/how-to/authentication/auth-flow-tab.md). Authentication flow in tabs differs from authentication flow in bots. + ## Configure your app to use Azure AD as an identity provider Identity providers that support OAuth 2.0 don't authenticate requests from unknown applications. You must register the applications ahead of time. To do this with Azure AD, follow these steps:
Authentication flow should be triggered by a user action. You shouldn't open the
Add a button to your configuration or content page to enable the user to sign in when needed. This can be done in the tab [configuration](~/tabs/how-to/create-tab-pages/configuration-page.md) page or any [content](~/tabs/how-to/create-tab-pages/content-page.md) page.
-Azure AD, like most identity providers, doesn't allow its content to be placed in an `iframe`. This means that you'll need to add a pop-up page to host the identity provider. In the following example, this page is `/tab-auth/simple-start`. Use the `microsoftTeams.authenticate()` function of the Microsoft Teams client SDK to launch this page when the button is selected.
+Azure AD, like most identity providers, doesn't allow its content to be placed in an `iframe`. This means that you'll need to add a pop-up page to host the identity provider. In the following example, this page is `/tab-auth/simple-start`. Use the `authentication.authenticate()` function of the Microsoft Teams client SDK to launch this page when the button is selected.
+
+# [TeamsJS v2](#tab/teamsjs-v2)
+
+```javascript
+import { authentication } from "@microsoft/teams-js";
+authentication.authenticate({
+ url: window.location.origin + "/tab/simple-start-v2"),
+ width: 600,
+ height: 535})
+.then((result) => {
+ console.log("Login succeeded: " + result);
+ let data = localStorage.getItem(result);
+ localStorage.removeItem(result);
+ let tokenResult = JSON.parse(data);
+ showIdTokenAndClaims(tokenResult.idToken);
+ getUserProfile(tokenResult.accessToken);
+})
+.catch((reason) => {
+ console.log("Login failed: " + reason);
+ handleAuthError(reason);
+});
+```
+
+# [TeamsJS v1](#tab/teamsjs-v1)
```javascript microsoftTeams.authentication.authenticate({
microsoftTeams.authentication.authenticate({
} }); ```+ ### Notes
-* The URL you pass to `microsoftTeams.authentication.authenticate()` is the start page of the authentication flow. In this example that is `/tab-auth/simple-start`. This should match what you registered in the [Azure AD Application Registration Portal](https://apps.dev.microsoft.com).
+* The URL you pass to `authenticate()` is the start page of the authentication flow. In this example that is `/tab-auth/simple-start`. This should match what you registered in the [Azure AD Application Registration Portal](https://apps.dev.microsoft.com).
* Authentication flow must start on a page that's on your domain. This domain should also be listed in the [`validDomains`](~/resources/schem#validdomains) section of the manifest. Failure to do so will result in an empty pop-up.
-* Failing to use `microsoftTeams.authentication.authenticate()` will cause a problem with the pop-up not closing at the end of the sign-in process.
+* Failing to use `authenticate()` will cause a problem with the pop-up not closing at the end of the sign-in process.
## Navigate to the authorization page from your pop-up page
-When your pop-up page (`/tab-auth/simple-start`) is displayed the following code is run. The main goal of this page is to redirect to your identity provider so the user can sign-in. This redirection could be done on the server side using HTTP 302, but in this case it's done on the client side using with a call to `window.location.assign()`. This also allows `microsoftTeams.getContext()` to be used to retrieve hinting information, which can be passed to Azure AD.
+When your pop-up page (`/tab-auth/simple-start`) is displayed the following code is run. The main goal of the page is to redirect to your identity provider so the user can sign-in. This redirection can be done on the server side using HTTP 302, but in this case it's done on the client side using a call to `window.location.assign()`. This also allows `app.getContext()` to be used to retrieve hinting information, which can be passed to Azure AD.
+
+# [TeamsJS v2](#tab/teamsjs-v2)
+
+```javascript
+app.getContext().then((context) => {
+ // Generate random state string and store it, so we can verify it in the callback
+ let state = _guid(); // _guid() is a helper function in the sample
+ localStorage.setItem("simple.state", state);
+ localStorage.removeItem("simple.error");
+
+ // Go to the Azure AD authorization endpoint
+ let queryParams = {
+ client_id: "{{appId}}",
+ response_type: "id_token token",
+ response_mode: "fragment",
+ scope: "https://graph.microsoft.com/User.Read openid",
+ redirect_uri: window.location.origin + "/tab/simple-end",
+ nonce: _guid(),
+ state: state,
+ // The context object is populated by Teams; the loginHint attribute
+ // is used as hinting information
+ login_hint: context.user.loginHint,
+ };
+
+ let authorizeEndpoint = `https://login.microsoftonline.com/${context.user.tenant.id}/oauth2/v2.0/authorize?${toQueryString(queryParams)}`;
+ window.location.assign(authorizeEndpoint);
+});
+```
+
+# [TeamsJS v1](#tab/teamsjs-v1)
```javascript microsoftTeams.getContext(function (context) {
microsoftTeams.getContext(function (context) {
}); ``` ++ After the user completes authorization, the user is redirected to the callback page you specified for your app at `/tab-auth/simple-end`. ### Notes * See [get user context information](~/tabs/how-to/access-teams-context.md) for help building authentication requests and URLs. For example, you can use the user's login name as the `login_hint` value for Azure AD sign in, which means the user might need to type less. Remember that you shouldn't use this context directly as proof of identity since an attacker could load your page in a malicious browser and provide it with any information they want.
-* Although the tab context provides useful information regarding the user, don't use this information to authenticate the user whether you get it as URL parameters to your tab content URL or by calling the `microsoftTeams.getContext()` function in the Microsoft Teams client SDK. A malicious actor could invoke your tab content URL with its own parameters, and a web page impersonating Microsoft Teams could load your tab content URL in an iframe and return its own data to the `getContext()` function. You should treat the identity-related information in the tab context simply as hints and validate them before use.
+* Although the tab context provides useful information regarding the user, don't use this information to authenticate the user whether you get it as URL parameters to your tab content URL or by calling the `app.getContext()` function in the Microsoft Teams client SDK. A malicious actor could invoke your tab content URL with its own parameters, and a web page impersonating Microsoft Teams could load your tab content URL in an iframe and return its own data to the `getContext()` function. You should treat the identity-related information in the tab context simply as hints and validate them before use.
* The `state` parameter is used to confirm that the service calling the callback URI is the service you called. If the `state` parameter in the callback doesn't match the parameter you sent during the call, then the return call isn't verified and should be terminated. * It isn't necessary to include the identity provider's domain in the `validDomains` list in the app's manifest.json file.
After the user completes authorization, the user is redirected to the callback p
In the last section, you called the Azure AD authorization service and passed in user and app information so that Azure AD could present the user with its own monolithic authorization experience. Your app has no control over what happens in this experience. All it knows is what is returned when Azure AD calls the callback page that you provided (`/tab-auth/simple-end`).
-In this page, you need to determine success or failure based on the information returned by Azure AD and call `microsoftTeams.authentication.notifySuccess()` or `microsoftTeams.authentication.notifyFailure()`. If the login was successful, you'll have access to service resources.
+In this page, you need to determine success or failure based on the information returned by Azure AD and call `authentication.notifySuccess()` or `authentication.notifyFailure()`. If the login was successful, you'll have access to service resources.
-````javascript
+```javascript
// Split the key-value pairs passed from Azure AD // getHashParameters is a helper function that parses the arguments sent // to the callback URL by Azure AD after the authorization call let hashParams = getHashParameters(); if (hashParams["error"]) { // Authentication/authorization failed
- microsoftTeams.authentication.notifyFailure(hashParams["error"]);
+ localStorage.setItem("simple.error", JSON.stringify(hashParams));
} else if (hashParams["access_token"]) { // Get the stored state parameter and compare with incoming state
- // This validates that the data is coming from Azure AD
let expectedState = localStorage.getItem("simple.state"); if (expectedState !== hashParams["state"]) { // State does not match, report error
- microsoftTeams.authentication.notifyFailure("StateDoesNotMatch");
+ localStorage.setItem("simple.error", JSON.stringify(hashParams));
+ authentication.notifyFailure("StateDoesNotMatch");
} else {
- // Success: return token information to the tab
- microsoftTeams.authentication.notifySuccess({
+ // Success -- return token information to the parent page.
+ // Use localStorage to avoid passing the token via notifySuccess; instead we send the item key.
+ let key = "simple.result";
+ localStorage.setItem(key, JSON.stringify({
idToken: hashParams["id_token"], accessToken: hashParams["access_token"], tokenType: hashParams["token_type"], expiresIn: hashParams["expires_in"]
- })
+ }));
+ authentication.notifySuccess(key);
} } else { // Unexpected condition: hash does not contain error or access_token parameter
- microsoftTeams.authentication.notifyFailure("UnexpectedFailure");
+ localStorage.setItem("simple.error", JSON.stringify(hashParams));
+ authentication.notifyFailure("UnexpectedFailure");
}
-````
+```
This code parses the key-value pairs received from Azure AD in `window.location.hash` using the `getHashParameters()` helper function. If it finds an `access_token`, and the `state` value is the same as the one provided at the start of the authentication flow, it returns the access token to the tab by calling `notifySuccess()`; otherwise it reports an error with `notifyFailure()`.
platform Create Channel Group Tab https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/tabs/how-to/create-channel-group-tab.md
zone_pivot_groups: teams-app-environment
Channel or group tabs deliver content to channels and group chats, and are a great way to create collaborative spaces around dedicated web-based content.
+Ensure that you have all the [prerequisites](~/tabs/how-to/tab-requirements.md) to build your channel or group tab.
+ [!INCLUDE [sdk-include](~/includes/sdk-include.md)] ::: zone pivot="node-java-script"
gulp ngrok-serve
>"composeExtensions": [], >```
-1. Follow the directions for adding a tab. There is a custom configuration dialog for your channel or group tab.
+1. Follow the directions for adding a tab. There's a custom configuration dialog for your channel or group tab.
1. Select **Save** and your tab is added to the channel's tab bar. :::image type="content" source="~/assets/images/tab-images/channeltabuploaded.png" alt-text="Channel tab uploaded":::
- Now you have succesfully created and added your channel or group tab in Teams.
+ Now you've successfully created and added your channel or group tab in Teams.
::: zone-end
Following are the steps to create a channel or group tab:
#### Startup.cs
-This project was created from an ASP.NET Core 3.1 web application empty template with the **Advanced * Configure for HTTPS** check box selected at setup. The MVC services are registered by the dependency injection framework's `ConfigureServices()` method. Additionally, the empty template does not enable serving static content by default, so the static files middleware is added to the `Configure()` method using the following code:
+This project was created from an ASP.NET Core 3.1 web application empty template with the **Advanced * Configure for HTTPS** check box selected at setup. The MVC services are registered by the dependency injection framework's `ConfigureServices()` method. Additionally, the empty template doesn't enable serving static content by default, so the static files middleware is added to the `Configure()` method using the following code:
```csharp public void ConfigureServices(IServiceCollection services)
Ensure that you keep the command prompt with ngrok running and make a note of th
1. In Visual Studio Solution Explorer go to the **Pages** folder and open **Tab.cshtml**
- Within **Tab.cshtml** the application presents the user with two options for displaying the tab with a red or gray icon. The **Select Gray** or **Select Red** button triggers `saveGray()` or `saveRed()` respectively, sets `pages.config.setValidityState(true)`, and enables **Save** on the configuration page. This code lets Teams know that you have completed the requirements configuration and can proceed with the installation. The parameters of `pages.config.setConfig` are set. Finally, `saveEvent.notifySuccess()` is called to indicate that the content URL has been successfully resolved.
+ Within **Tab.cshtml** the application presents the user with two options for displaying the tab with a red or gray icon. The **Select Gray** or **Select Red** button triggers `saveGray()` or `saveRed()` respectively, sets `pages.config.setValidityState(true)`, and enables **Save** on the configuration page. This code lets Teams know that you've completed the requirements configuration and can proceed with the installation. The parameters of `pages.config.setConfig` are set. Finally, `saveEvent.notifySuccess()` is called to indicate that the content URL has been successfully resolved.
1. Update the `websiteUrl` and `contentUrl` values in each function with the HTTPS ngrok URL to your tab.
Ensure that you keep the command prompt with ngrok running and make a note of th
:::image type="content" source="~/assets/images/tab-images/channeltabaspnetuploaded.png" alt-text="Channel tab ASPNET uploaded":::
- Now you have succesfully created and added your channel or group tab in Teams.
+ Now you've successfully created and added your channel or group tab in Teams.
::: zone-end
Following are the steps to create a channel or group tab:
#### Startup.cs
-This project was created from an ASP.NET Core 3.1 web application empty template with the **Advanced - Configure for HTTPS** check box selected at setup. The MVC services are registered by the dependency injection framework's `ConfigureServices()` method. Additionally, the empty template does not enable serving static content by default, so the static files middleware is added to the `Configure()` method using the following code:
+This project was created from an ASP.NET Core 3.1 web application empty template with the **Advanced - Configure for HTTPS** check box selected at setup. The MVC services are registered by the dependency injection framework's `ConfigureServices()` method. Additionally, the empty template doesn't enable serving static content by default, so the static files middleware is added to the `Configure()` method using the following code:
```csharp public void ConfigureServices(IServiceCollection services)
Ensure that you keep the command prompt with ngrok running and make a note of th
1. In Visual Studio Solution Explorer go to the **Tab** folder and open **Tab.cshtml**
- Within **Tab.cshtml** the application presents the user with two options for displaying the tab with a red or gray icon. The **Select Gray** or **Select Red** button triggers `saveGray()` or `saveRed()` respectively, sets `pages.config.setValidityState(true)`, and enables **Save** on the configuration page. This code lets Teams know that you have completed the requirements configuration and can proceed with the installation. The parameters of `pages.config.setConfig` are set. Finally, `saveEvent.notifySuccess()` is called to indicate that the content URL has been successfully resolved.
+ Within **Tab.cshtml** the application presents the user with two options for displaying the tab with a red or gray icon. The **Select Gray** or **Select Red** button triggers `saveGray()` or `saveRed()` respectively, sets `pages.config.setValidityState(true)`, and enables **Save** on the configuration page. This code lets Teams know that you've completed the requirements configuration and can proceed with the installation. The parameters of `pages.config.setConfig` are set. Finally, `saveEvent.notifySuccess()` is called to indicate that the content URL has been successfully resolved.
1. Update the `websiteUrl` and `contentUrl` values in each function with the HTTPS ngrok URL to your tab.
Ensure that you keep the command prompt with ngrok running and make a note of th
:::image type="content" source="~/assets/images/tab-images/channeltabaspnetuploaded.png" alt-text="Channel tab ASPNET MVC uploaded":::
- Now you have succesfully created and added your channel or group tab in Teams.
+ Now you've successfully created and added your channel or group tab in Teams.
::: zone-end
platform Content Page https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/tabs/how-to/create-tab-pages/content-page.md
You need to focus on making your tab design clean, navigation intuitive, and con
For your page to display in Teams, you must include the [Microsoft Teams JavaScript client SDK](/javascript/api/overview/msteams-client?view=msteams-client-js-latest&preserve-view=true) and include a call to `app.initialize()` after your page loads.
+> [!NOTE]
+> It takes close to 24-48 hours for any content or UI changes to reflect in the tab app due to cache.
+ The following code provides an example of how your page and the Teams client communicate: # [TeamsJS v2](#tab/teamsjs-v2)
platform Cards Reference https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/task-modules-and-cards/cards/cards-reference.md
Title: Types of cards
-description: In this module, learn what are cards and card actions available to bots in Teams and create a hero, thumbnail and adaptive cards
+description: In this module, learn what are cards and card actions available to bots in Teams and create a hero, thumbnail and adaptive cards.
ms.localizationpriority: high
You can identify and use different types of cards based on your application requ
| Signin card | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | > [!NOTE]
-> For Adaptive Cards in Incoming Webhooks, all native Adaptive Card schema elements, except `Action.Submit`, are fully supported. The supported actions are [**Action.OpenURL**](https://adaptivecards.io/explorer/Action.OpenUrl.html), [**Action.ShowCard**](https://adaptivecards.io/explorer/Action.ShowCard.html), [**Action.ToggleVisibility**](https://adaptivecards.io/explorer/Action.ToggleVisibility.html), and [**Action.Execute**](/adaptive-cards/authoring-cards/universal-action-model#actionexecute).
+>
+> * For Adaptive Cards in Incoming Webhooks, all native Adaptive Card schema elements, except `Action.Submit`, are fully supported. The supported actions are [**Action.OpenURL**](https://adaptivecards.io/explorer/Action.OpenUrl.html), [**Action.ShowCard**](https://adaptivecards.io/explorer/Action.ShowCard.html), [**Action.ToggleVisibility**](https://adaptivecards.io/explorer/Action.ToggleVisibility.html), and [**Action.Execute**](/adaptive-cards/authoring-cards/universal-action-model#actionexecute).
+>
+> * Adaptive Card supports only Incoming Webhook O365 Connector type and not any other O365 Connector types.
## Common properties for all cards
Bot Framework reference:
The signin card in Teams is similar to the signin card in the Bot Framework except that the signin card in Teams only supports two actions `signin` and `openUrl`.
-The signin action can be used from any card in Teams, not just the signin card. For more information, see [Teams authentication flow for bots](~/bots/how-to/authentication/auth-flow-bot.md).
+The log in action can be used from any card in Teams, not just the log in card. For more information, see [Teams authentication flow for bots](~/bots/how-to/authentication/auth-flow-bot.md).
-### Support for signin cards
+### Support for log in cards
-The following table provides the features that support signin cards:
+The following table provides the features that support sign in cards:
| Bots in Teams | Message extensions | Connectors | Bot Framework | | | | | |
The following table provides the features that support signin cards:
Bot Framework reference:
-* [Signin card Node.js](/javascript/api/botframework-schema/signincard?view=botbuilder-ts-latest&preserve-view=true)
+* [Log in card Node.js](/javascript/api/botframework-schema/signincard?view=botbuilder-ts-latest&preserve-view=true)
* [Signin card C#](/dotnet/api/microsoft.bot.schema.signincard?view=botbuilder-dotnet-stable&preserve-view=true) ## Thumbnail card
platform Whats New https://github.com/MicrosoftDocs/msteams-docs/commits/main/msteams-platform/whats-new.md
Microsoft Teams platform features that are available to all app developers.
| 08/03/2022 | Share to Teams from personal app or tab | Integrate with Teams > Share to Teams > [Share to Teams from personal app or tab](concepts/build-and-test/share-to-teams-from-personal-app-or-tab.md) | | 08/03/2022 | Added feature for retrieving meeting transcripts in the post-meeting scenario. | Build apps for Teams meetings and calls > Get meeting transcripts using Graph APIs > [Overview](graph-api/meeting-transcripts/overview-transcripts.md) | | 08/03/2022 | Link unfurling for share to teams from web apps | Integrate with Teams > Share to Teams > [Share to Teams from web apps](concepts/build-and-test/share-to-teams-from-web-apps.md) |
+| 08/01/2021| Notice: Developer Portal is now GA and App Studio is deprecated from August, 01, 2022. | Tools and SDK > [Developer Portal for Teams](concepts/build-and-test/teams-developer-portal.md) |
| 07/28/2022 | Add the Teams display picture and people card for in-meeting notification| Build apps for Teams meetings and calls > Enable and configure apps for meetings > [In-meeting notification](apps-in-teams-meetings/enable-and-configure-your-app-for-teams-meetings.md#in-meeting-notification) | | 07/28/2022 | Build shared channels in Teams | Build apps for Teams meetings and calls > [Shared channels](concepts/build-and-test/Shared-channels.md) | | 07/28/2022|Introduced app manifest v1.14| App manifest > [App manifest schema for Teams](resources/schem)|