Authentication in Teams
In order for your app to access user information protected by Azure Active Directory, as well as access data from other services like Facebook and Twitter, your app will have to establish a trusted connection with those providers. If your app needs to use Microsoft Graph APIs in the user scope, you'll also need to authenticate the user to retrieve the appropriate authentication tokens.
In Microsoft Teams there are two different authentication flows for your app to take advantage of. You can perform a traditional web-based authentication flow in a content page embedded in a tab, a configuration page, or a task module. If your app contains a conversational bot you can use the OAuthPrompt flow (and optionally the Azure Bot Framework's token service) to authenticate a user as part of a conversation.
Web-based authentication flow
- Authentication flow in tabs describes how tab authentication works in Teams. This shows a typical web based authentication flow used for tabs.
- Azure AD authentication in tabs describes how to connect to Azure Active Directory from within a tab in your app in Teams.
- Silent authentication (Azure AD) describes how to reduce sign-in/consent prompts in your app using Azure Active Directory.
The OAuthPrompt flow for conversational bots
The Azure Bot Framework’s OAuthPrompt makes authentication easier for apps using conversational bots. You can take advantage of Azure Bot Framework's token service to assist with token caching as well.
For more information on using the OAuthPrompt see:
- Bot authentication flow overview describes how authentication works within a bot in your app in Teams. This shows a non-web based authentication flow used for bots on all versions of Teams (web, desktop app, and mobile apps)
- Bot authentication
Configure your identity provider
Regardless of which authentication flow your app is using (you might even be using both), you'll need to configure your identity provider to communicate with your Teams app. The majority of the samples and walkthroughs you'll find here will deal primarily with using Azure Active Directory as your identity provider. The concepts however apply regardless of which identity provider you'll use.
For more information see configuring an identity provider