I am facing an issue on Firefox with Teams app authentication. I have a configurable tab which is a Blazor web application. In the tab, you sign in using an OAuth provider which is not Azure AD. In the browser, login works as expected, but when opened in Teams using the Teams app, it never passes the authentication cookies from the login pop-up to the calling page. To make it work on Firefox, I have to disable Enhanced Tracking Protection. I understand that Firefox disabled iframe-to-iframe cookie passing, but does anyone know if there is a way I can handle it in a better way without disabling this feature?

This works on Edge and Chrome without disabling any feature. Here is the code from the Startup.cs file:

    services.AddAuthentication(options =>
        {
            // The cookie scheme carries the session; the OAuth scheme handles the challenge.
            options.DefaultScheme = CookieScheme;
            options.DefaultChallengeScheme = OAuthScheme;
            options.DefaultAuthenticateScheme = CookieScheme;
            options.DefaultSignInScheme = CookieScheme;
        })
        .AddCookie(CookieScheme, options =>
        {
            // SameSite=None is only honoured together with the Secure attribute.
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.SameSite = SameSiteMode.None;
            // Fixed 9.5-minute lifetime, not extended on activity.
            options.ExpireTimeSpan = TimeSpan.FromMinutes(9.5);
            options.SlidingExpiration = false;
            options.Events = new CookieAuthenticationEvents
            {
                OnValidatePrincipal = RefreshTokenIfRequired
            };
        })
        .AddOAuth(OAuthScheme, options =>
        {
            // Provider settings are read from the "oauth" configuration value (JSON).
            var settings = JsonConvert.DeserializeObject<ApiSettings>(Configuration["oauth"]);
            options.ClientId = settings.ClientId;
            options.ClientSecret = settings.ClientSecret;
            options.AuthorizationEndpoint = settings.AuthEndpoint;
            options.TokenEndpoint = settings.TokenEndpoint;
            options.CallbackPath = new PathString("/oauth/callback");

            // Store the provider's tokens in the authentication cookie.
            options.SaveTokens = true;
        });

user25879
  • There doesn't seem to be a better way to enable Iframe to Iframe cookies passing in Firefox. I think you can refer to [this link](https://stackoverflow.com/questions/16593358/firefox-22-third-party-cookie-in-iframe-session), maybe it will help you. – Chen Oct 20 '22 at 09:07

1 Answer

It looks like you're trying to implement the signing process yourself, and especially in the desktop client is where you'll run into exactly the problems you're facing. Instead of implementing signing/cookies/etc., you should implement the actual SSO capabilities that Teams has specifically built to support you. Please see here for more: https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/tab-sso-overview

If you're leveraging Azure Active Directory, that's the easiest, but this SSO capability even supports alternative OAuth providers - see https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-flow-tab

Hilton Giesenow
  • I need to authenticate using an external OAuth provider. It's not through Azure AD. Desktop works fine. There are no issues while signing in. – user25879 Oct 19 '22 at 13:58
  • Could you please refer to the doc below: https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-oauth-provider – Nivedipa-MSFT Oct 20 '22 at 10:17