entropic

Reputation: 1683

Microsoft Teams Tab SSO getAuthToken returning resourceDisabled

I'm working in a multitenanted Teams app, and wanted to add a tab to the bot using SSO. In my development environment this is all working fine and I can log in with no issues. When I deploy this to the QA environment, I'm getting the following error:

AUTHMSAL: Event: adal:tokenRenewFailure, code: invalid_resource|AADSTS500011: The resource principal named api://[mydomain]/[myappid] was not found in the tenant named [tenant]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: d9eae514-36e0-4c28-afeb-3312133b0a01
Correlation ID: 82e84904-a4ef-490a-a114-b5efb68eb701
Timestamp: 2021-05-14 15:22:47Z, resource: api://[mydomain]/[myappid], action: resourceDisabled

I'm not sure why this is failing. I have checked the tenant in QA and confirmed my app is listed under "Enterprise Applications", and the permissions have been consented to, and granted Admin Consent. I have also checked if there were any differences (other than URI names) in the setup of my app registration for my development env and qa env, and there are none.

Here is the code I'm using to try and retrieve the AuthToken:

const authTokenRequest: microsoftTeams.authentication.AuthTokenRequest = {
  successCallback: function (token: string) {
    const decoded: { [key: string]: any; } = jwt.decode(token);
    localStorage.setItem("name", decoded.name);
    localStorage.setItem("token", token);
  },
  failureCallback: function (error: any) {
    console.log("Failure on getAuthToken: " + error);
  }
};

microsoftTeams.initialize(() => {
  microsoftTeams.getContext((r) => {
    microsoftTeams.authentication.getAuthToken(authTokenRequest);
  });
});

Could anyone point me in the right direction as to where I'm going wrong?

Upvotes: 5

Views: 4947

Answers (1)

aoiume

Reputation: 31

@entropic @Anand @Jagadeesh-MSFT

I had a similar situation, receiving a resourceDisabled error from getAuthToken when I tested a tab app created based on the Microsoft-provided sample "Microsoft Teams - Tabs Azure AD Single Sign-On Sample".

[img]resourceDisabled returned from getAuthToken

What I did was correct the AppID within the webApplicationInfo.resource element, according to this: "Manifest file has incorrect/static resource url #3".

I can now get the right result:

[img]getAuthToken is now successful

Note: I also updated the schema version from 1.5 to 1.9, but it seems this change was not relevant to the issue.

"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.9/MicrosoftTeams.schema.json",
"manifestVersion": "1.9",

Upvotes: 3
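The fix in the answer above comes down to the manifest's webApplicationInfo.resource carrying the wrong app ID. As an added example (not code from the original posts or from the Microsoft sample), this check can run before packaging a manifest for each environment. The function name, the `expected` parameter and all sample GUIDs and domains are hypothetical, and it assumes the `api://<domain>/<appId>` resource form shown in the question's error message.

```javascript
// Added example: lint the webApplicationInfo block of a Teams manifest.
// Assumes the api://<domain>/<appId> resource form seen in the error above.
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

function checkWebApplicationInfo(manifest, expected = {}) {
  const info = manifest.webApplicationInfo;
  if (!info) return ["manifest has no webApplicationInfo block"];

  const problems = [];
  const id = String(info.id ?? "").toLowerCase();
  const resource = String(info.resource ?? "");

  if (!GUID.test(id)) problems.push(`id is not a GUID: "${info.id}"`);

  const m = /^api:\/\/([^\/]+)\/([^\/]+)$/.exec(resource);
  if (!m) {
    problems.push(`resource is not api://<domain>/<appId>: "${resource}"`);
    return problems;
  }
  const host = m[1].toLowerCase();
  const resourceId = m[2].toLowerCase();

  // The mismatch behind the fix in the answer: a static app ID left in resource.
  if (resourceId !== id)
    problems.push(`resource ends in ${resourceId} but id is ${id}`);
  if (expected.appId && id !== expected.appId.toLowerCase())
    problems.push(`id ${id} is not this environment's app ID ${expected.appId}`);
  if (expected.domain && host !== expected.domain.toLowerCase())
    problems.push(`resource host ${host} is not ${expected.domain}`);
  return problems;
}

// Constructed sample values (not from the page).
const QA = { appId: "22222222-2222-2222-2222-222222222222", domain: "tab-qa.example.com" };
const staleManifest = {
  webApplicationInfo: {
    id: QA.appId,
    resource: "api://tab-dev.example.com/11111111-1111-1111-1111-111111111111",
  },
};
const fixedManifest = {
  webApplicationInfo: { id: QA.appId, resource: `api://${QA.domain}/${QA.appId}` },
};

console.log(checkWebApplicationInfo(staleManifest, QA));
console.log(checkWebApplicationInfo(fixedManifest, QA));
```

An empty result only means the manifest is internally consistent; the app registration's Application ID URI in Azure AD still has to match the same resource string.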
