As you may know, the Azure Communication Services SDKs allow developers to build custom applications that support Teams identities. These applications can communicate with the Microsoft Teams client or with other custom applications that use the Azure Communication Services support for Teams identities. With this support, developers can customize a voice, video, chat, and screen-sharing experience for Teams users.
This Azure Communication Services Authentication Server sample describes how developers can authenticate a Microsoft 365 user by using the Microsoft Authentication Library (MSAL) and retrieve a Microsoft Azure Active Directory (Azure AD) user token. They then exchange that token for a Teams user access token with the Azure Communication Services Identity SDK. The Teams user access token can then be used by the Communication Services Calling SDK.
In a production environment, it's necessary that you implement this exchange mechanism in a back-end service, because requests for an exchange are signed with a secret.
As displayed in the Azure Communication Services Authentication Server - Token Exchange flow diagram below, the token exchange for a single tenant includes two steps:
- On the client side, the developer configures the Microsoft Authentication Library (MSAL) to authenticate the Microsoft 365 user with the client application registration that should have been created earlier in the application creation steps. This client app registration should have the Azure Communication Services Teams.ManageCalls and Teams.ManageChats permissions, and these should have been granted admin consent, in order to obtain Azure AD user tokens using the Authorization Code Grant flow. The MinimalClient, added in the sample for testing the back-end service APIs with a UI, demonstrates the authentication flow using the client app registration.
- On the server side, the developer initializes the Azure Communication Services Identity SDK and uses it to exchange the incoming Azure AD user token for the Teams user access token. The Teams user access token is then returned to the client application. In the sample, the `/api/token/teams` endpoint implements the suggested server-side logic.
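As an added illustration of the server-side step (not code from the sample or from Microsoft), the sketch below shows checks a back end can run on the incoming Azure AD token before exchanging it. The GUIDs, function names and the injected `exchange` callback are assumptions; validation of the token's signature, issuer and audience is assumed to happen before these checks.

```javascript
// Added example, not the sample's code. All names and GUIDs are constructed.
const EXPECTED_TENANT = "11111111-1111-1111-1111-111111111111";
const CLIENT_APP_ID = "22222222-2222-2222-2222-222222222222";

// Reads JWT claims WITHOUT checking the signature. Assumption: signature,
// issuer and audience were already validated before this function runs.
function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
  const claims = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  if (claims === null || typeof claims !== "object") throw new Error("bad payload");
  return claims;
}

// Synchronous pre-checks. Returns { status, error } or { status: 200, args }.
function validateExchangeRequest(authorizationHeader, nowMs = Date.now()) {
  const m = /^Bearer ([A-Za-z0-9._-]+)$/.exec(authorizationHeader || "");
  if (!m) return { status: 401, error: "missing bearer token" };
  let claims;
  try { claims = decodeClaims(m[1]); } catch (e) { return { status: 401, error: "malformed token" }; }
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= nowMs) return { status: 401, error: "token expired" };
  // Single-tenant deployment: reject tokens issued by any other tenant.
  if (claims.tid !== EXPECTED_TENANT) return { status: 403, error: "wrong tenant" };
  // The token must have been issued to this deployment's client app registration.
  if ((claims.appid || claims.azp) !== CLIENT_APP_ID) return { status: 403, error: "wrong client app" };
  if (typeof claims.oid !== "string" || !claims.oid) return { status: 403, error: "no user object id" };
  // userObjectId comes from the token, never from a client-supplied field.
  return { status: 200, args: { teamsUserAadToken: m[1], clientId: CLIENT_APP_ID, userObjectId: claims.oid } };
}

// `exchange` is injected; in a real service it would wrap the Identity SDK call
// made with the server-held secret, which never leaves the back end.
async function handleTeamsTokenRequest(authorizationHeader, exchange, nowMs) {
  const check = validateExchangeRequest(authorizationHeader, nowMs);
  if (check.status !== 200) return { status: check.status, body: { error: check.error } };
  const { token, expiresOn } = await exchange(check.args);
  return { status: 200, body: { token, expiresOn } }; // only the Teams token goes back
}

// Builds an unsigned, constructed token for demonstration and tests only.
function makeConstructedToken(claims) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${b64({ alg: "none" })}.${b64(claims)}.sig`;
}
```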
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
For more information, visit the following links:
- To learn more about the scenario, visit:
- To learn more about the Teams Access Token Management, visit: