Authentication in Teams

In order for your app to access user information stored in Azure Active Directory, as well as access data from other services like Facebook and Twitter, your app will have to establish a trusted connection with those providers. The Microsoft Teams JavaScript client SDK supports this in a way that allows your apps to work both in the web and desktop versions of Teams. (Currently, app authentication from iOS and Android is somewhat different, but much of what's described here does, or soon will, work on mobile devices as well.)

Use the OAuthCard for easier authentication

The Azure Bot Service’s OAuthCard has been recently introduced to make authentication easier for apps using bots. For more information on using the OAuthCard See:

The other topics in this section describe authentication without using the OAuthCard, so if you want to understand authentication in Teams more deeply, or have a situation where you can not use the OAuthCard, you can still refer to those topics.

General authentication information

Authentication flow as it applies to any authentication provider:

  • Authentication flow in tabs describes how tab authentication works in Teams. This shows a typical web based authentication flow used for tabs.
  • Authentication flow in bots describes how authentication works within a bot in your app in Teams. This shows a non-web based authentication flow used for bots on all versions of Teams (web, desktop app, and mobile apps)

Authentication in Azure Active Directory

Detailed implementation walkthroughs for authentication using Azure Active Directory (Azure AD):


Sample code showing bot authentication in Node:

Sample code showing tab authentication for C# and Node: