0

my Microsoft Teams app needs to access a REST web service that uses Basic Authentication.

the tutorials only seem to show how to do this for authentication with Azure Active Directory:

https://learn.microsoft.com/en-us/learn/modules/embedded-web-experiences/7-exercise-implement-tab-authentication

the above tutorial shows the user a login prompt and authenticates client side. how do i implement something like this for Basic Authentication?

EDIT: i'm mentioning client side because i want Teams to remember the login. the web service is basically for collaboration. so i can't use the same account for all users

EDIT2

for completeness i'm including an example client side call that ended up working (it shows a login popup to the user the first time as it does in a browser):

var url = "https://example.com/Service.svc/Request";
var init = {credentials:"include", headers:{"Accept":"application/json"}};
fetch(url,init)
    .then(response => response.text())
    .then(data => alert(data));
symbiont
  • 1,428
  • 3
  • 21
  • 27

3 Answers3

1

I assume you are trying to access some external page or resource that requires basic auth.. otherwise there would be no reason to try to do oath. Teams Seems to support Basic Auth for tabs, eg i can add a tab point it to a website with basic auth, and a purple popup will appear, but how to trigger it from an application would be a different story. assuming you're just calling https://api.abc.com/whatever all the time in the app, one "maybe" solution would be to embed an iframe somewhere in your teams app view, and load that domain, like https://api.abc.com/test if that page requires authentication, it should popup this purple authenticate window that you can type in your "basic auth" in. after you do that, the teams "browser" in theory should now have a session authed.

If you don't like this way, you could make an initial page in your app where they type in their username and password, take the input and then make an http call something like this: https://stackoverflow.com/a/57665644/13470894 ?

Hopefully that helps a bit

Regards,

alphaz18
  • 2,610
  • 1
  • 5
  • 5
  • i just tested using a page with Basic Authentication as a tab, as you suggested. and indeed i saw the purple popup to login! this looks very interesting. maybe there is a standard Teams JavaScript SDK component doing this. i will look into it... – symbiont May 13 '20 at 11:33
  • i don't think i can use the answer you are pointing to because it's server side. and i want Teams to remember the login. it's user specific. but i am looking into your other suggestion – symbiont May 13 '20 at 11:34
  • thanks! this pointed me in the right direction. the solution was to simply call the web service client side. like browsers, Microsoft Teams shows the user a popup to login the first time, and then remembers the password for the session – symbiont Jun 25 '20 at 20:25
0

Azure AD does not support basic auth for external services. You have two options:

  • Migrate from Basic Auth to "Modern Auth" (OpenID Connect / OAuth / (last resort) SAML) if you can. This one is preferred.

  • Figure out a wat to ask the enduser for their username / password, as this is basically what you need for basic auth

Last but not least, if your web service does not actually need a user account, but just a service account, you can save the authentication details about that web service in an Azure KeyVault and read them out when you need to construct the basic auth header.

But again, Azure AD does not support Basic Auth. And in fact, Microsoft is deprecating basic auth for Exchange Online as announced here.

astaykov
  • 30,768
  • 3
  • 70
  • 86
  • i edited the question to clarify that it's a Teams app. so, do Teams apps have built in support Basic Authentication for external services? you mention constructing a Basic Auth header. is this functionality part of the Teams JavaScript SDK? – symbiont May 11 '20 at 22:14
  • and i'd rather not use the same account for all users, because the web service tracks changes by user – symbiont May 11 '20 at 22:15
0

There are APIs, which are showing Basic Authentication window / error on trying to reach them, but in fact, access is able by passing some auth header - sometimes totally custom.

Contact with the API owner and ask about that, you will not do anything more without just talk to them.

Luke Duda
  • 904
  • 9
  • 12
  • i actually control the authentication method of both sides. Basic Authentication is the only thing available for this web service and it works fine in my browser. i want to know how this is normally done with Teams because Teams is new to me. hopefully that way, Teams remembers the login. because, i'm also trying to avoid the user having to login for every request. that's why i mentioned client side – symbiont May 13 '20 at 11:30