MS Teams access token signature is invalid
I am trying to validate an access token from ms teams in my backend application. The validation fails because the siganture of the token is invalid. This is how I obtain the token: export class MyWebPart extends BaseClientSideWebPart { protected async onInit(): Promise<void> { await super.onInit(); this.context.sdks.microsoftTeams?.teamsJs.authentication.getAuthToken() .then(token => sendToBackend(token)); } } When I copy the token into JWT.io it says that the signature of the token is invalid. I notice that in the token the issuer is: https://sts.windows.net/{{INSERT TENANT ID}}/ and in the openid-configuration: https://login.microsoftonline.com/{{INSERT TENANT ID}}/v2.0 How do I get a proper token?
CreateChannel in GraphAPI sometimes results in not creating the corresponding Sharepoint/OneDrive
Currently the creation of a channel through the Graph API frequently results in the relative, corresponding Sharepoint folder not being created. When using the Graph API to create a channel the response indicates creating the channel was a success, but when going to the files tab it shows: "Your files can’t be found, working on it to restore them." After having clicked on the files tab in the Teams UI, the folder is created eventually (after a couple of minutes). But because automated processes depend on the channel folder, we don’t want to ask the user to manually open the team before the other processes can continue. So: Team created: Ok -> Channel created: Ok-ish (But missing the linked folder) -> One-drive/share point folder, with the name of the channel: Not created Sometimes the folder is created properly, but lately more often it is not created (Not even after 3-4 days of waiting) until the user opens the files tab in the Teams client. This behaviour is new since it worked flawlessly until a week ago. Is there a known workaround for this?RSC permissions cause app to fail installation in personal scope
I am trying to update an existing up to send notifications. The plan is to use RSC permissions for it. I configured the manifest (v 1.19) with the following scopes: "authorization": { "permissions": { "resourceSpecific": [ { "name": "TeamsActivity.Send.Chat", "type": "Application" }, { "name": "TeamsActivity.Send.Group", "type": "Application" }, { "name": "TeamsActivity.Send.User", "type": "Application" } ] } }, I then sideloaded it successfully with this configuration into a team and also into a chat. However when I try to install it into the personal scope directly I get the error in a dialog box: Something went wrong In the network tab of the web inspector I see that this call fails with 403: https://teams.microsoft.com/api/mt/emea/beta/users/apps/definitions/appPackage The body of the response says: {"errorCode":"WebApplicationInfoIdConflictOnSideloadingIntoTeam"} However, when I change the included permissions in the manifest to only TeamsActivity.Send.Group the app installs successfully into personal scope "authorization": { "permissions": { "resourceSpecific": [ { "name": "TeamsActivity.Send.Group", "type": "Application" } ] } }, So I guess it has nothing to do with an id conflict. I also made sure to remove all old instances of the sideloaded app before (which was never a problem so far). How can I use all three RSC scopes in my app manifest and still install the app into the personal scope. Or what could be wrong? Anything I could check to figure out why this is not working but only the TA.Send.Group scope?
Missing something obvious? Teams App install with custom parameters?
This one is really throwing our team for a loop! We are trying to pass two custom parameters (ID & Token) during app installation Each customer in our application has a unique ID and Token, which we need to pass when they install our Teams bot. We attempted to append these parameters to the installation URL as follows: 🔗 Installation URL: https://teams.microsoft.com/l/app/feea88de-b85f-4a8a-a724-d076d8de24af?source=app-details-dialog&context={id:%20%22%22,%20token:%20%22%22} However, we are unable to retrieve these parameters in the installationUpdate callback. What is the correct approach to pass and retrieve custom parameters (ID & Token) during app installation? Thank you for any insight!
When using proxy on localhost teams fails to establish TCP connection for login
This is a strange problem, and it took us quite a while to get to the bottom of it. We tested on Windows 10 and Windows 11 with the latest Teams app. What is the problem? We are working on a solution the monitors network traffic for a safe school environment. As part of that we install a local proxy on Windows devices. The proxy is configured as manual proxy in the proxy settings. When requesting to sign into Teams, Teams establishes a connection to `login.microsoftonline.com`. Without the proxy that works without problems. Teams establishes a TCP connection, sends a CONNECT, TLS handshake and then encrypted data. When activating the local proxy any connection is fine (e.g. `teams.events.data.microsoft.com`, `nav.smartscreen.microsoft.com` are established just fine), but the one to `login.microsoftonline.com` is not established. In Teams this results in an error page that the login page can't be reached (it reports a 404, but it's not a 404). We ensured that nothing was blocked and there are no lower level connection errors, then we dug deeper with Wireshark. Once accessing the login page (which would trigger connection making for `login.microsoftonline.com`) we see a `SYN` being sent to establish the TCP connection, but there is never a `SYN/ACK`. The local proxy never receives this `SYN` (no connection is ever established), somehow it never reaches the destination but is "dropped". We can see that Teams tries to re-transmit the SYN, but it never arrives at the destination. A tcp `SYN` not reaching it's destination points to it being blocked somewhere, so we: - Turned the firewall off (anything that can be turned off is turned off) - Added specific allow rules for any other device control that could block. This did not help, the problem keeps persisting. (Note: We were able to reproduce this problem with a different proxy solution as well. Once we configure the proxy on localhost we run into this issue.) We also tried: - Configure the local proxy with the IP address of the machine within the local network (i.e. 10.12.128.2) instead of `127.0.0.1`: Leads to the same problem. - Run the local proxy on another Windows machine, turn off firewall and connect to the proxy on the other machine: No problems with this solution, the connection is established fine. We then tried to configure the proxy via PAC file (without a DIRECT fallback), which result in different weird behavior. In the browser the behavior is as expected - pages that are blocked by the proxy report a connection failure, pages that are allowed can be accessed. For Teams login we don't run into problems with the PAC file based settings, but Teams does not route the connection to `login.microsoftonline.com` through the proxy! The connection to `login.microsoftline.com` somehow implicitly bypasses the system wide proxy settings when using a PAC file (i.e. I see the connection in Wireshark, but it's directly established, not going through the proxy even though it is configured via PAC file). Other connections related to Teams are established through the proxy as expected. I don't think this is expected behavior. I have Wireshark traces that show all the different behaviors. If needed I'm happy to add them to this ticket. It would be great to get help with a better understanding what could be the problem. What could cause this behavior (in Teams / in Windows)? With a better understanding of the behavior we could work on overcoming this problem.
Teams app is crashing if window.location.hash it set
We are using the Teams Channel Tab app with a component that replies on the hash parameter. On click of a button from a list of folder within the Tab, we are trying to set the window.location.hash. Another component uses an event listener to listen to the hashChange and retrieves this hash parameter that was set and uses for further processing. This works perfectly fine in Outlook addin as we are rendering the same component in Teams and Outlook However, as soon as I set the window.location.hash, the app crashes without any error in Developer tool Console. We have hosted the Tab app at - "https://localhost:8080/#/channel" I am thinking of 2 possible causes for this crash- 1. Is the app trying to crash when I am setting the hash as it already has '#' in the url? 2. Is there a limitation where we cannot set and get window.location.hash while inside the Teams Tab app?Need help intercepting outgoing messages and accessing chat history in Teams bot (python)
Hi everyone, I’m relatively new to programming and have been experimenting with the Teams AI Library in Python. I’ve created a basic bot application using the Teams Toolkit with the Custom Engine Agent template. So far, so good, but I’m stuck on two specific tasks and would appreciate some guidance. Here’s what I’m trying to achieve: Intercept outgoing messages before they are sent: I’d like to capture and potentially modify messages just before they are sent out by the bot. Access the conversation history: I want to retrieve the chat history for the current conversation. I’m wondering if there’s a simple way to do this without overhauling the existing logic. Specifically: Can I use a decorator in bot.py to intercept outgoing messages without disrupting the rest of the bot’s functionality? Is there an even simpler solution that I might be missing? TL;DR: New to programming, using Teams AI Library in Python with a basic bot. Need to: Intercept outgoing messages before they’re sent. Access conversation history. Is a decorator in bot.py the way to go, or is there a simpler solution? Thanks! Looking forward to your suggestions!
Outlook plugin: Updating manifest doesn't work, Update TenantAppDefinition failed
Hello, I raised this request to the official MS customer service already and they couldn't help. The problem is as follows: We are developing an Outlook Add-In using the 'new' JSON manifest way. So far, we deployed our plugin to the Azure BLOB storage destination as it's specified by Teams Toolkit. Also, we were able to register it in the MS Teams Admin Center. Now we wanted to make some changes to our icons registration in the manifest file and ran into an unknown exception. For testing, we reverted those changes and only increased the version number. However, the error message remained as-is, although the same manifest worked some time (maybe 1-2 weeks maybe) ago. There were no changes to the manifest file since then, except an increase in the version number. The manifest can be submitted without any issues if the "ribbons" part is completely removed. However, it passes all validations described in https://learn.microsoft.com/en-us/office/dev/add-ins/testing/troubleshoot-manifest . All icons match the specifications. The same happens if we submit it as a new app. This is the error message that we could intercept in the browser's DEV Tools when submitting the manifest in the appPackage to MS Teams Admin Center (manage existing app). Sensitive info was removed: { "error": { "code": "BadRequest", "message": "Update TenantAppDefinition failed, UserId: 'beefbeef-beef-beef-beef-beefbeefbeef', TenantId: 'beefbeef-beef-beef-beef-beefbeefbeef', Exception: 'Microsoft.SkypeSpaces.MiddleTier.Common.ServiceException: Failed to execute settings store request: https://emea.settings.teams.internal.office.com/v1.0/settings/teams/apps/beefbeef-beef-beef-beef-beefbeefbeef/definitionv2, StatusCode: 400, ReasonPhrase: Schema validation errors, X-MSEdge-Ref: beefbeef-beef-beef-beef-beefbeefbeef\r\n at Microsoft.SkypeSpaces.MiddleTier.BackendServices.SettingsStore.SettingsStore.ExecuteRequestAsync(HttpRequestMessage requestMessage, String requestName, String entityType, String facet, Boolean throwOn404) in C:\\a\\_work\\1\\s\\Source\\BackendServices\\BackendServices\\SettingsStore\\SettingsStore.cs:line 339\r\n at Microsoft.SkypeSpaces.MiddleTier.BackendServices.SettingsStore.SettingsStore.PutSettingAsync(String entityType, String entityId, String facet, String value, String ifMatch, String tenantIdForRegionLookup) in C:\\a\\_work\\1\\s\\Source\\BackendServices\\BackendServices\\SettingsStore\\SettingsStore.cs:line 146\r\n at Microsoft.SkypeSpaces.MiddleTier.BackendServices.SettingsStore.SettingsStore.PutSettingAsync(String entityType, String entityId, String facet, String value, String ifMatch) in C:\\a\\_work\\1\\s\\Source\\BackendServices\\BackendServices\\SettingsStore\\SettingsStore.cs:line 118\r\n at Microsoft.SkypeSpaces.MiddleTier.BackendServices.SettingsStore.SettingsStore.PutSettingAsync(String entityType, String entityId, String facet, String value) in C:\\a\\_work\\1\\s\\Source\\BackendServices\\BackendServices\\SettingsStore\\SettingsStore.cs:line 100\r\n at Microsoft.SkypeSpaces.MiddleTier.Provider.SettingsStore.RegionalSettingsStoreProvider.SetAppDefinitionAsync(String appId, AppDefinitionItem appDefinition) in C:\\a\\_work\\1\\s\\Source\\Provider\\Provider\\SettingsStore\\RegionalSettingsStoreProvider.cs:line 1910\r\n at Microsoft.Teams.MiddleTier.Apps.AppDefinitionsStore.Commands.CustomAppDefinitionWriter.<>c__DisplayClass10_0.<<UpdateAsync>b__0>d.MoveNext() in C:\\a\\_work\\1\\s\\Source\\Modules\\Apps\\MiddleTier.Apps\\AppDefinitionsStore\\Commands\\CustomAppDefinitionWriter.cs:line 103\r\n--- End of stack trace from previous location ---\r\n at Microsoft.SkypeSpaces.MiddleTier.Common.InstrumentedAsyncFunc`1.ExecuteAsync()\r\n at Microsoft.Teams.MiddleTier.Apps.AppDefinitionsStore.Commands.CustomAppDefinitionWriter.UpdateAsync(CustomAppDefinitionWriteContext context) in C:\\a\\_work\\1\\s\\Source\\Modules\\Apps\\MiddleTier.Apps\\AppDefinitionsStore\\Commands\\CustomAppDefinitionWriter.cs:line 113\r\n at Microsoft.Teams.MiddleTier.Apps.AppDefinitionsStore.Commands.CustomTenantAppDefinitionWriter.UpdateAsync(CustomAppDefinitionWriteContext context) in C:\\a\\_work\\1\\s\\Source\\Modules\\Apps\\MiddleTier.Apps\\AppDefinitionsStore\\Commands\\CustomTenantAppDefinitionWriter.cs:line 56\r\n at Microsoft.Teams.MiddleTier.Apps.Providers.AppsProviderTenant.UpdateTenantAppDefinitionAsync(AppDefinitionItem appDefinitionItem, ZipArchive appPackage) in C:\\a\\_work\\1\\s\\Source\\Modules\\Apps\\MiddleTier.Apps\\Providers\\AppsProviderTenant.cs:line 1733'Failed to execute settings store request: https://emea.settings.teams.internal.office.com/v1.0/settings/teams/apps/beefbeef-beef-beef-beef-beefbeefbeef/definitionv2, StatusCode: 400, ReasonPhrase: Schema validation errors, X-MSEdge-Ref: beefbeef-beef-beef-beef-beefbeefbeef", "innerError": { "code": "BadRequest", "message": "Update TenantAppDefinition failed, UserId: 'beefbeef-beef-beef-beef-beefbeefbeef', TenantId: 'beefbeef-beef-beef-beef-beefbeefbeef', Exception: 'Microsoft.SkypeSpaces.MiddleTier.Common.ServiceException: Failed to execute settings store request: https://emea.settings.teams.internal.office.com/v1.0/settings/teams/apps/beefbeef-beef-beef-beef-beefbeefbeef/definitionv2, StatusCode: 400, ReasonPhrase: Schema validation errors, X-MSEdge-Ref: beefbeef-beef-beef-beef-beefbeefbeef\r\n at Microsoft.SkypeSpaces.MiddleTier.BackendServices.SettingsStore.SettingsStore.ExecuteRequestAsync(HttpRequestMessage requestMessage, String requestName, String entityType, String facet, Boolean throwOn404) in C:\\a\\_work\\1\\s\\Source\\BackendServices\\BackendServices\\SettingsStore\\SettingsStore.cs:line 339\r\n at Microsoft.SkypeSpaces.MiddleTier.BackendServices.SettingsStore.SettingsStore.PutSettingAsync(String entityType, String entityId, String facet, String value, String ifMatch, String tenantIdForRegionLookup) in C:\\a\\_work\\1\\s\\Source\\BackendServices\\BackendServices\\SettingsStore\\SettingsStore.cs:line 146\r\n at Microsoft.SkypeSpaces.MiddleTier.BackendServices.SettingsStore.SettingsStore.PutSettingAsync(String entityType, String entityId, String facet, String value, String ifMatch) in C:\\a\\_work\\1\\s\\Source\\BackendServices\\BackendServices\\SettingsStore\\SettingsStore.cs:line 118\r\n at Microsoft.SkypeSpaces.MiddleTier.BackendServices.SettingsStore.SettingsStore.PutSettingAsync(String entityType, String entityId, String facet, String value) in C:\\a\\_work\\1\\s\\Source\\BackendServices\\BackendServices\\SettingsStore\\SettingsStore.cs:line 100\r\n at Microsoft.SkypeSpaces.MiddleTier.Provider.SettingsStore.RegionalSettingsStoreProvider.SetAppDefinitionAsync(String appId, AppDefinitionItem appDefinition) in C:\\a\\_work\\1\\s\\Source\\Provider\\Provider\\SettingsStore\\RegionalSettingsStoreProvider.cs:line 1910\r\n at Microsoft.Teams.MiddleTier.Apps.AppDefinitionsStore.Commands.CustomAppDefinitionWriter.<>c__DisplayClass10_0.<<UpdateAsync>b__0>d.MoveNext() in C:\\a\\_work\\1\\s\\Source\\Modules\\Apps\\MiddleTier.Apps\\AppDefinitionsStore\\Commands\\CustomAppDefinitionWriter.cs:line 103\r\n--- End of stack trace from previous location ---\r\n at Microsoft.SkypeSpaces.MiddleTier.Common.InstrumentedAsyncFunc`1.ExecuteAsync()\r\n at Microsoft.Teams.MiddleTier.Apps.AppDefinitionsStore.Commands.CustomAppDefinitionWriter.UpdateAsync(CustomAppDefinitionWriteContext context) in C:\\a\\_work\\1\\s\\Source\\Modules\\Apps\\MiddleTier.Apps\\AppDefinitionsStore\\Commands\\CustomAppDefinitionWriter.cs:line 113\r\n at Microsoft.Teams.MiddleTier.Apps.AppDefinitionsStore.Commands.CustomTenantAppDefinitionWriter.UpdateAsync(CustomAppDefinitionWriteContext context) in C:\\a\\_work\\1\\s\\Source\\Modules\\Apps\\MiddleTier.Apps\\AppDefinitionsStore\\Commands\\CustomTenantAppDefinitionWriter.cs:line 56\r\n at Microsoft.Teams.MiddleTier.Apps.Providers.AppsProviderTenant.UpdateTenantAppDefinitionAsync(AppDefinitionItem appDefinitionItem, ZipArchive appPackage) in C:\\a\\_work\\1\\s\\Source\\Modules\\Apps\\MiddleTier.Apps\\Providers\\AppsProviderTenant.cs:line 1733'Failed to execute settings store request: https://emea.settings.teams.internal.office.com/v1.0/settings/teams/apps/beefbeef-beef-beef-beef-beefbeefbeef/definitionv2, StatusCode: 400, ReasonPhrase: Schema validation errors, X-MSEdge-Ref: beefbeef-beef-beef-beef-beefbeefbeef", "details": [], "date": "2025-02-07T13:18:12", "request-id": "beefbeef-beef-beef-beef-beefbeefbeef", "client-request-id": "beefbeef-beef-beef-beef-beefbeefbeef" } } } This is our manifest (also with sensitive info being removed): { "$schema": "https://developer.microsoft.com/json-schemas/teams/v1.17/MicrosoftTeams.schema.json", "id": "beefbeef-beef-beef-beef-beefbeefbeef", "manifestVersion": "1.17", "version": "1.0.6", "name": { "short": "Outlook Addin name (dev)", "full": "Outlook Addin name" }, "description": { "short": "Outlook Addin name (dev)", "full": "Outlook Addin name" }, "developer": { "name": "OurCompany", "websiteUrl": "https://www.OurCompany.de", "privacyUrl": "https://www.OurCompany.de/privacy", "termsOfUseUrl": "https://www.OurCompany.de/servicesagreement" }, "icons": { "outline": "assets/logoOutlined.png", "color": "assets/logo.png" }, "accentColor": "#230201", "localizationInfo": { "defaultLanguageTag": "en-us", "additionalLanguages": [] }, "webApplicationInfo": { "id": "beefbeef-beef-beef-beef-beefbeefbeef", "resource": "api://CENSORED/beefbeef-beef-beef-beef-beefbeefbeef" }, "authorization": { "permissions": { "resourceSpecific": [ { "name": "MailboxItem.Read.User", "type": "Delegated" }, { "name": "Group.Read.All", "type": "Delegated" }, { "name": "Channel.ReadBasic.All", "type": "Delegated" }, { "name": "Sites.ReadWrite.All", "type": "Delegated" }, { "name": "Tasks.ReadWrite.All", "type": "Delegated" }, { "name": "Tasks.ReadWrite.Shared", "type": "Delegated" }, { "name": "Group-Conversation.ReadWrite.All", "type": "Delegated" } ] } }, "validDomains": ["OurCompany.de"], "extensions": [ { "requirements": { "scopes": ["mail"], "capabilities": [ { "name": "Mailbox", "minVersion": "1.3" } ] }, "runtimes": [ { "requirements": { "capabilities": [ { "name": "Mailbox", "minVersion": "1.3" } ] }, "id": "TaskPaneRuntime", "type": "general", "code": { "page": "https://censored.web.core.windows.net/taskpane.html" }, "lifetime": "short", "actions": [ { "id": "TaskPaneRuntimeShow", "type": "openPage", "pinnable": false, "view": "dashboard" } ] } ], "ribbons": [ { "contexts": ["mailRead"], "tabs": [ { "builtInTabId": "TabDefault", "groups": [ { "id": "msgReadGroup", "label": "Outlook Addin name", "icons": [ { "size": 16, "url": "https://censored.web.core.windows.net/assets/icon-16.png" }, { "size": 32, "url": "https://censored.web.core.windows.net/assets/icon-32.png" }, { "size": 80, "url": "https://censored.web.core.windows.net/assets/icon-80.png" } ], "controls": [ { "id": "msgReadOpenPaneButton", "type": "button", "label": "Outlook Addin name (dev)", "icons": [ { "size": 16, "url": "https://censored.web.core.windows.net/assets/icon-16.png" }, { "size": 32, "url": "https://censored.web.core.windows.net/assets/icon-32.png" }, { "size": 80, "url": "https://censored.web.core.windows.net/assets/icon-80.png" } ], "supertip": { "title": "Show Outlook Addin name", "description": "Opens a pane displaying Outlook Addin name." }, "actionId": "TaskPaneRuntimeShow" } ] } ] } ] } ] } ] } Is there anything we can do to further investigate the issue?Geeting CORS in API while calling inside Teams APP TAB
Getting CORS in API while calling inside Teams APP TAB Calling API in Teams App TAB const u = `${domain}/api/login.json`; fetch(u, requestOptions) .then(resp => { } While calling API we are getting CORS Despite receiving correct responses in the network tab, the app is receiving different responses, possibly due to the restricted Teams SDK..Pass a custom parameter during app installation
Each customer in our application has a unique ID and Token, which we need to pass when they install our Teams bot. We attempted to append these parameters to the installation URL as follows: 🔗 Installation URL:https://teams.microsoft.com/l/app/feea88de-b85f-4a8a-a724-d076d8de24af?source=app-details-dialog&context={id:%20%22%22,%20token:%20%22%22} However, we are unable to retrieve these parameters in the installationUpdate callback. What is the correct approach to pass and retrieve custom parameters (ID & Token) during bot installation?
