question

GuyKedar-0937 avatar image
0 Votes"
GuyKedar-0937 asked

What is the simplest way to secure an api called from microsoft teams app

I am trying to develop a simple microsoft teams tab app, and feel like I'm getting lost in the Microsoft ecosystem.

What would be the simplest way to call an API with an authorization header that includes a token?

My web app, which I want to use for my tab is a next js app hosted on Vercel.

So my ideal flow would be :

Authenticate with the Microsoft teams javascript SDK using


microsoftTeams.authentication.authenticate({
url: window.location.origin + "/auth-start.html",
width: 600,
height: 535,
successCallback: (accessToken: string) => {
resolve(accessToken);
},
failureCallback: (reason) => {
reject(reason);
}
});


Save the token in my web app, and include it in calls to my backend.

The part that I can't find how to do in any guides is:

On my backend parse the token and get basic info about the user's email, name, and confirmation that he is authenticated.

office-teams-app-dev
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers