What is the simplest way to secure an api called from microsoft teams app

Guy Kedar 1

I am trying to develop a simple microsoft teams tab app, and feel like I'm getting lost in the Microsoft ecosystem.

What would be the simplest way to call an API with an authorization header that includes a token?

My web app, which I want to use for my tab is a next js app hosted on Vercel.

So my ideal flow would be :

Authenticate with the Microsoft teams javascript SDK using

microsoftTeams.authentication.authenticate({
url: window.location.origin + "/auth-start.html",
width: 600,
height: 535,
successCallback: (accessToken: string) => {
resolve(accessToken);
},
failureCallback: (reason) => {
reject(reason);
}
});

Save the token in my web app, and include it in calls to my backend.

The part that I can't find how to do in any guides is:

On my backend parse the token and get basic info about the user's email, name, and confirmation that he is authenticated.

Prasad-MSFT 5,616 Reputation points Microsoft Vendor

2023-07-26T09:22:08.1633333+00:00

Could you please let us know if your issue is resolved or are you still looking for any help?
Prasad-MSFT 5,616 Reputation points Microsoft Vendor

2023-07-26T09:22:59.3433333+00:00

Could you please let us know whether your issues have been resolved or are you still looking for any help?
Prasad-MSFT 5,616 Reputation points Microsoft Vendor

2023-08-02T06:31:34.6833333+00:00

Could you please let us know whether your issues have been resolved or are you still looking for any help?