-3

This question to get consultation only.

I have a school use microsoft teams to benefit a OnlineMeeting, Assignment ...

I have a education website to making this using of teams services much easy.

So i get api from teams and in put them in my website, in this case i need consultation:

Example if i get joinMeetingURL this url is private that means only student in a class that teacher has create this meeting can join .

In this case we need this student to sign in in his microsoft teams righ? So i need SSO ?

In generale if i want to use data in microsoft teams we need to ensure that the student has sign in from his microsoft teams ?
lio brett
  • 11
  • 1

1 Answers1

0

I would certainly use SSO for this - it saves you worrying about managing your own usernames and passwords, and you know the users have a proper account with a trustable identify (Microsoft 365). There are two types of SSO that might be relevant here though:

  1. TEAMS TAB SSO - this is only if you want your app to live INSIDE Teams, as a tab (read more at https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso)

  2. Microsoft 365 SSO - Look into the MSAL 2.0 Library at https://developer.microsoft.com/en-us/identity/blogs/msal-js-2-0-supports-authorization-code-flow-is-now-generally-available/

Hilton Giesenow
  • 9,809
  • 2
  • 10
  • 24
  • that it, in my case i should use TEAMS TAB SSO i want only my app live in teams. – lio brett Jan 12 '21 at 08:30
  • What means this ? The getAuthToken() is only valid for consenting to a limited set of user-level APIs — email, profile, offline_access and OpenId — and not for further Microsoft Graph scopes such as User.Read or Mail.Read. See our section at the end of this document for suggested workarounds if you require additional Graph scopes. @HiltonGiesenow – lio brett Jan 12 '21 at 08:32
  • If you only want to use SSO to verify the user's identity, it's not a problem. You can use the token that is returned in the code to send to your own api, e.g. as "Bearer" token, to identify the user. You should validate the token (look into jwt token validation) to make sure in your api that it is the correct token) – Hilton Giesenow Jan 12 '21 at 08:36
  • "only valid for consenting to a limited set of user-level APIs" - basically what this means is that if you want to be able to call the Microsoft Graph on behalf of the user, then the SSO is only the first step - you need to use the token you get, and exchange it for a 2nd token. I have a sample on how to do that at https://github.com/pnp/teams-dev-samples/tree/master/samples/tab-sso – Hilton Giesenow Jan 12 '21 at 08:37
  • if i put in my website a link (URLJoinMeeting) for a class that student include in, after his sign in in my website using sso and every thing fine, he can join this meeting normaly? @HiltonGiesenow – lio brett Jan 12 '21 at 08:40
  • yes that should work fine – Hilton Giesenow Jan 12 '21 at 08:43
  • thank you so much, I really appreciate your time given to me ! @HiltonGiesenow – lio brett Jan 12 '21 at 08:45
  • Teacher can create a meeting from my website using Request Post Api (create meeting) ? @HiltonGiesenow – lio brett Jan 12 '21 at 08:50
  • Does that need to use the Graph API? If so, you'll need to look at the sample I posted above, to get additional Graph permissions in a 2nd call – Hilton Giesenow Jan 12 '21 at 09:58