Authenticate users in Microsoft Teams

Note

Web-based authentication on mobile clients requires version 1.4.1 or later of the Teams JavaScript client SDK.

To access user information protected by Azure Active Directory (AAD) and to access data from services like Facebook and Twitter, the app establishes a trusted connection with those providers. If the app uses Microsoft Graph APIs in the user scope, authenticate the user to retrieve the appropriate authentication tokens.

In Teams, there are two different authentication flows for the app. Perform a traditional web-based authentication flow in a content page embedded in a tab, a configuration page, or a task module. If the app contains a conversational bot, use the OAuthPrompt flow and optionally the Azure Bot Framework's token service to authenticate a user as part of a conversation.

Web-based authentication flow

Use the web-based authentication flow for tabs and choose to use it with conversational bots or messaging extensions. Use the Microsoft Teams JavaScript client SDK in a web content page to enable authentication. After enabling authentication, embed the content page in a tab, a configuration page, or a task module. For more information on web-based authentication flow, see:

The OAuthPrompt flow for conversational bots

The Azure Bot Framework’s OAuthPrompt makes authentication easier for apps using conversational bots. Use Azure Bot Framework's token service to assist with token caching.

For more information on using the OAuthPrompt, see:

  • Bot authentication flow overview describes how authentication works within a bot in the app in Teams. This shows a non-web-based authentication flow used for bots on Teams web, desktop app, and mobile apps.
  • Bot authentication describes how to add OAuth authentication to the Teams bot.

Code sample

provides Bot authentication v3 SDK sample.

Sample name Description .NET Node.js Python
Bot authentication This sample shows how to get started with authentication in a bot for Microsoft Teams. View View View

Configure the identity provider

Regardless of the app's authentication flow, configure the identity provider to communicate with the Teams app. Most samples and walkthroughs primarily deal with using AAD as the identity provider. The concepts, however, apply regardless of the identity provider.

For more information, see configuring an identity provider.