Change User Authentication Tenant from Azure Tenant which hosts TeamsApp-CodePudding

I'm trying to change the azure AD app for user authentication because the users are in a different tenant than the Azure resources hosting the TeamsApp. I have already created a new Azure AD app in the target tenant. In the documentation I can find the following parameters. Now I have trouble to find the correct value of “Microsoft 365 OAuthAuthorityHost” {{state.fx-resource-aad-app-for-teams.oauthHost}}.

Can someone tell me what exactly is meant by this and where I can find the value?

Microsoft 365 ClientId
{{state.fx-resource-aad-app-for-teams.clientId}}

Microsoft 365 ClientSecret {{state.fx-resource-aad-app-for-teams.clientSecret}}

Microsoft 365 TenantId {{state.fx-resource-aad-app-for-teams.tenantId}}

Microsoft 365 OAuthAuthorityHost {{state.fx-resource-aad-app-for-teams.oauthHost}}

CodePudding user response：

The Client Id and Client Secret you get from the app registration area in the Azure portal - let me know if you need to know more about where to find those. You also need to make sure that the Authentication tab in the App registration is set to allow logins from multiple tenants.

With regards to TenantId and OAuthAuthorityHost, it will depend on what the code is doing (you don't mention what doc you're looking at), but you probably need to use the word "organizations" instead of a specific TenantId and to use https://login.microsoftonline.com/ for the OAuthAuthorityHost

CodePudding user response：

I referred to: https://docs.microsoft.com/en-us/microsoftteams/platform/toolkit/provision

After creating an SSO Teams app, credentials are requested for deployment in Azure. The deployment was successful and an Azure AD app was also created in the same tenant. If we now want to provide the team app as a zip to another tenant via the admin center, no user can sign-in to the teams tab app because the Azure AD app cannot be found in the user's tenant. That's why the idea was to create the Azure AD app in the target tenant. Then why do I need a multi tenant azure ad application?

Or is there an easier way to create a Teams SSO Tab App that is hosted in one Azure tenant and the users are in another tenant and want to log in to the App tab?