Create new C# sample for signing in with a different Microsoft Entra … #1738
Conversation
…account in Teams tab
There was a problem hiding this comment.
Pull Request Overview
This PR creates a new C# sample demonstrating Microsoft Entra ID authentication and account switching within Microsoft Teams tabs. The sample shows how users can sign in with different Entra accounts for secure, flexible access across Teams, Outlook, and Office platforms.
Key Changes
- Complete ASP.NET Core 6.0 web application with MVC architecture
- OAuth 2.0 authorization code flow implementation for Microsoft Entra ID
- Teams-specific authentication using Teams JavaScript SDK v2.34.0
- Cross-platform support for Teams, Outlook, and Microsoft Office
Reviewed Changes
Copilot reviewed 29 out of 44 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
assets/sample.json |
Sample metadata configuration with Teams-specific properties |
TabAuthEntraAccount/*.cs |
Core ASP.NET application files including controllers, models, and startup configuration |
Views/**/*.cshtml |
MVC views for authentication flow and user interface |
M365Agent/** |
Teams Toolkit configuration for deployment and manifest |
README.md |
Comprehensive documentation with setup instructions and authentication flow |
.github/workflows/build-complete-samples.yml |
CI/CD integration for automated builds |
| </script> | ||
| @{ | ||
| ViewBag.Title = "title"; | ||
| Layout = "_Layout"; | ||
| } | ||
|
|
||
| <script src="https://res.cdn.office.net/teams-js/2.34.0/js/MicrosoftTeams.min.js" | ||
| integrity="sha384-brW9AazbKR2dYw2DucGgWCCcmrm2oBFV4HQidyuyZRI/TnAkmOOnTARSTdps3Hwt" | ||
| crossorigin="anonymous"></script> | ||
| <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> | ||
| <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> | ||
| <script type="text/javascript"> | ||
| $(document).ready(function () { | ||
| getAuthToken(); | ||
| }); | ||
|
|
||
| // Get id token. | ||
| function getAuthToken() { | ||
| const params = new URLSearchParams(window.location.search); | ||
| const result = params.get('code'); | ||
| const { authId, method, hostRedirectUrl } = JSON.parse(params.get('state')); | ||
| const baseUrl = hostRedirectUrl.split('authId')[0]; | ||
| if (method === 'deeplink') { | ||
| window.location.href = `${baseUrl}authId=${authId}&result=${result}` | ||
| } else { | ||
| microsoftTeams.app.initialize().then(() => { | ||
| if (result) { | ||
| microsoftTeams.authentication.notifySuccess(result); | ||
| } else { | ||
| const error = params.get('error') || 'OAuth failed'; | ||
| microsoftTeams.authentication.notifyFailure(error); | ||
| } | ||
| }); | ||
| } | ||
| } |
There was a problem hiding this comment.
The entire Razor view content and script block are duplicated starting from line 37. This creates duplicate function definitions and DOM ready handlers, which could cause unexpected behavior and makes the code harder to maintain.
| </script> | |
| @{ | |
| ViewBag.Title = "title"; | |
| Layout = "_Layout"; | |
| } | |
| <script src="https://res.cdn.office.net/teams-js/2.34.0/js/MicrosoftTeams.min.js" | |
| integrity="sha384-brW9AazbKR2dYw2DucGgWCCcmrm2oBFV4HQidyuyZRI/TnAkmOOnTARSTdps3Hwt" | |
| crossorigin="anonymous"></script> | |
| <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> | |
| <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> | |
| <script type="text/javascript"> | |
| $(document).ready(function () { | |
| getAuthToken(); | |
| }); | |
| // Get id token. | |
| function getAuthToken() { | |
| const params = new URLSearchParams(window.location.search); | |
| const result = params.get('code'); | |
| const { authId, method, hostRedirectUrl } = JSON.parse(params.get('state')); | |
| const baseUrl = hostRedirectUrl.split('authId')[0]; | |
| if (method === 'deeplink') { | |
| window.location.href = `${baseUrl}authId=${authId}&result=${result}` | |
| } else { | |
| microsoftTeams.app.initialize().then(() => { | |
| if (result) { | |
| microsoftTeams.authentication.notifySuccess(result); | |
| } else { | |
| const error = params.get('error') || 'OAuth failed'; | |
| microsoftTeams.authentication.notifyFailure(error); | |
| } | |
| }); | |
| } | |
| } |
Copilot uses AI. Check for mistakes.
| getAuthToken(); | ||
| }); | ||
|
|
||
| // Get google client side token. |
There was a problem hiding this comment.
The comment mentions 'google client side token' but this is a Microsoft Entra ID authentication implementation. The comment should reference Microsoft or Entra ID instead of Google.
| // Get google client side token. | |
| // Get Microsoft Entra ID client side token. |
Copilot uses AI. Check for mistakes.
| getAuthToken(); | ||
| }); | ||
|
|
||
| // Get id token. |
There was a problem hiding this comment.
There is an extra space in the comment 'Get id token.' It should be 'Get id token.' or more descriptively 'Get ID token.'
| // Get id token. | |
| // Get id token. |
Copilot uses AI. Check for mistakes.
| "Default": "Information", | ||
| "Microsoft": "Warning", | ||
| "Microsoft.Hosting.Lifetime": "Information" | ||
| } |
There was a problem hiding this comment.
The appsettings.json file contains empty placeholders for sensitive configuration values (ClientId, ClientSecret, RedirectUri) that will be committed to source control. Consider using appsettings.Development.json or environment variables for these values, and add a comment indicating these are placeholder values that must be configured.
Copilot uses AI. Check for mistakes.
| { | ||
| try | ||
| { | ||
| var client = new HttpClient(); |
There was a problem hiding this comment.
Creating a new HttpClient instance directly can lead to socket exhaustion issues. The class already has IHttpClientFactory injected but it's not being used. Consider using _httpClientFactory.CreateClient() instead of new HttpClient().
| var client = new HttpClient(); | |
| var client = _httpClientFactory.CreateClient(); |
Copilot uses AI. Check for mistakes.
| var accessToken = doc.RootElement.GetProperty("access_token").GetString(); | ||
|
|
||
| // Call Microsoft Graph | ||
| var graphClient = new HttpClient(); |
There was a problem hiding this comment.
Creating a new HttpClient instance directly can lead to socket exhaustion issues. Consider using _httpClientFactory.CreateClient() for this Graph API client as well.
Copilot uses AI. Check for mistakes.
…account in Teams tab