We are enabling SSO for our Teams App using the below documentation: https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/tab-sso-graph-api?tabs=nodejs#configure-code-to-fetch-access-token-using-msal

This is the code that is used to acquire a token using MSAL:

msalClient.acquireTokenOnBehalfOf({
    authority: `https://login.microsoftonline.com/${tid}`,
    oboAssertion: token,
    scopes: scopes,
    skipCache: true
})

When we try to acquire token by passing tenantId or common as authority, the token API is failing because of CORS issue in both local as well as the development environment.

Access to XMLHttpRequest at 'https://login.microsoftonline.com/common/oauth2/v2.0/token' from origin *** has been blocked by CORS policy

We have added the domains in expose API during registration.

Is there any other config which is needed to allow requests from other defined origins (localhost and other domains)?

CodePudding user response：

It sounds like you're using client-side code to get this token - if so, very importantly, you've misunderstood how this works. An 'OnBehalfOf' token call should ONLY be made from a backend server, in which case CORS would not apply. There is 'javascript' code for this because you might have a Node-based backend, NOT because you're meant to use it from in the browser.

The only call you need to make from your front-end code is to

microsoftTeams.authentication.getAuthToken()

Here's a more detailed answer I've given before - please have a look and also check out the excellent video and blog post I've linked in there: Problem with getting SSO Auth token from Microsoft Teams