Authentication in Teams

Note

Web-based authentication on mobile clients requires version 1.4.1 or later of the Teams JavaScript SDK.

For your app to access user information protected by Azure Active Directory, as well as data from other services like Facebook and Twitter, it has to establish a trusted connection with those providers. If your app needs to use Microsoft Graph APIs in the user scope, you'll also need to authenticate the user to retrieve the appropriate authentication tokens.

In Microsoft Teams there are two different authentication flows your app can use. You can perform a traditional web-based authentication flow in a content page embedded in a tab, a configuration page, or a task module. If your app contains a conversational bot, you can use the OAuthPrompt flow (and optionally the Azure Bot Framework's token service) to authenticate a user as part of a conversation.

Web-based authentication flow

You'll need to use the web-based authentication flow for tabs, and can choose to use it with conversational bots or messaging extensions. You'll use the Microsoft Teams JavaScript client SDK in a web content page to enable authentication, then embed that content page in a tab, a configuration page, or a task module. If you want to use the web-based authentication flow with a conversational bot, you'll need to use a task module with a bot.
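The web-based flow described above, as an added example (not code from the original page or from Microsoft): the tab opens a pop-up through the Teams JavaScript SDK, and the redirect page checks the OAuth `state` value before reporting back. It assumes Azure Active Directory's v2.0 authorize endpoint as the identity provider; the function names, tenant, client ID, URLs and result string are illustrative.

```javascript
// Added example, not Microsoft sample code. Tenant, client ID, URLs and the
// 'signed-in' result string are constructed placeholders.
const webcrypto = globalThis.crypto || require('crypto').webcrypto; // Node fallback

// Unguessable per-attempt value that ties the response to this sign-in request.
function newState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
}

// URL the pop-up's start page redirects to (Azure AD v2.0 authorize endpoint).
function buildAuthorizeUrl({ tenant, clientId, redirectUri, scope, state }) {
  const url = new URL(
    `https://login.microsoftonline.com/${encodeURIComponent(tenant)}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId, response_type: 'code',
    redirect_uri: redirectUri, scope, state,
  }).toString();
  return url.toString();
}

// Redirect page: reject provider errors and any response whose state differs
// from the one stored (e.g. in the pop-up's sessionStorage) before the redirect.
function checkCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (p.get('error')) return { ok: false, reason: p.get('error') };
  if (!expectedState || p.get('state') !== expectedState)
    return { ok: false, reason: 'StateDoesNotMatch' };
  if (!p.get('code')) return { ok: false, reason: 'MissingCode' };
  return { ok: true, code: p.get('code') }; // redeem the code outside this example
}

// Tab side: open the pop-up on a start page hosted on the app's own domain.
// `teams` is the SDK's global microsoftTeams object, passed in for testability.
function startAuth(teams, popupUrl) {
  return new Promise((resolve, reject) => teams.authentication.authenticate({
    url: popupUrl, width: 600, height: 535,
    successCallback: resolve,
    failureCallback: reason => reject(new Error(reason)),
  }));
}

// Pop-up side: report the outcome to the tab; only a status string crosses over.
function finishAuth(teams, callbackUrl, expectedState) {
  const r = checkCallback(callbackUrl, expectedState);
  if (r.ok) teams.authentication.notifySuccess('signed-in');
  else teams.authentication.notifyFailure(r.reason);
  return r;
}
```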

The OAuthPrompt flow for conversational bots

The Azure Bot Framework's OAuthPrompt makes authentication easier for apps using conversational bots. You can take advantage of the Azure Bot Framework's token service to assist with token caching as well.

For more information on using the OAuthPrompt, see:

Configure your identity provider

Regardless of which authentication flow your app is using (you might even be using both), you'll need to configure your identity provider to communicate with your Teams app. The majority of the samples and walkthroughs you'll find here deal primarily with using Azure Active Directory as your identity provider. The concepts, however, apply regardless of which identity provider you use.

For more information, see configuring an identity provider.