7

We have developed a custom tab for Microsoft Teams and would like to authenticate users silently, using ADAL as described in this article: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/authentication/auth-silent-aad It works fine in the development environment, but fails in the production environment! The console shows the following error message:

Unsafe JavaScript attempt to initiate navigation for frame with origin 'https://teams.microsoft.com' from frame with URL 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=(...)'. The frame attempting navigation of the top-level window is sandboxed, but the flag of 'allow-top-navigation' or 'allow-top-navigation-by-user-activation' is not set.

I don't understand why the behavior is different in the development and production environments? How can I fix it?

Thanks

  • What do you have in your `sandbox` attribute? – Towkir Mar 12 '19 at 09:12
  • As Addeladde pointed out, the iframe is created by Teams: sandbox="allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-pointer-lock allow-scripts allow-same-origin" – David Jourand Mar 13 '19 at 12:45

2 Answers

0

You need to allow top navigation on your iframe element by providing an attribute value to the sandbox attribute:

<iframe src="yourpage.html" sandbox="allow-top-navigation"></iframe>

Have a look here to learn more about those attribute values.

Towkir
  • The iframe is created by the Teams application. Is there a way for me to affect how the iframe is created? – Addeladde Mar 12 '19 at 16:32
  • If you can add scripts on that page, then *yes*. You can write a script to get that iframe and modify its `sandbox` attribute. – Towkir Mar 12 '19 at 16:34
0

Put this in your tab page:

window.onload = function () {
    if (parent.document.getElementById("extension-tab-frame")) {
        var iframe = parent.document.getElementById("extension-tab-frame");
        iframe.sandbox = 'allow-forms allow-modals allow-popups allow-pointer-lock allow-scripts allow-same-origin allow-top-navigation';
    }
};
Addeladde
  • This causes a DOMException `Blocked a frame with origin "https://myoriginalpage.com" from accessing a cross-origin frame.` – garie Sep 25 '19 at 12:35
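
The sandbox check behind the console error in the question, as an added example that is not part of the original thread or Teams' own code. The function names are hypothetical, and only the sandbox tokens are modelled (following the HTML rules for parsing a sandboxing directive), not any other browser navigation policy.

```javascript
// Sandbox value Teams puts on the tab iframe, as quoted in the question's comments.
const TEAMS_SANDBOX =
  "allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox " +
  "allow-pointer-lock allow-scripts allow-same-origin";

// Keywords defined for the iframe sandbox attribute.
const KNOWN = new Set([
  "allow-downloads", "allow-forms", "allow-modals", "allow-orientation-lock",
  "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox",
  "allow-presentation", "allow-same-origin", "allow-scripts",
  "allow-top-navigation", "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols",
]);

// Split on ASCII whitespace; keywords are ASCII case-insensitive.
// null/undefined means the attribute is absent (frame not sandboxed);
// an empty string means sandboxed with every restriction applied.
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null;
  return new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// Report what the framed document may do, based on sandbox tokens only.
function diagnose(attr) {
  const tokens = parseSandbox(attr);
  const sandboxed = tokens !== null;
  const has = (k) => !sandboxed || tokens.has(k);
  // allow-top-navigation lifts both top-navigation restrictions;
  // the by-user-activation keyword lifts only the gesture-gated one.
  const navAlways = has("allow-top-navigation");
  return {
    sandboxed,
    scripts: has("allow-scripts"),
    popups: has("allow-popups"),
    topNavigation: navAlways,
    topNavigationWithGesture:
      navAlways || has("allow-top-navigation-by-user-activation"),
    // Typos are silently ignored by browsers, so surface them here.
    unknownTokens: sandboxed ? [...tokens].filter((t) => !KNOWN.has(t)) : [],
  };
}

console.log(diagnose(TEAMS_SANDBOX));
```

For the Teams value this reports top navigation blocked with or without a user gesture and popups allowed, which matches the error message in the question.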