Error after changing my Application ID URI to CDN endpoint - microsoft-teams

I'm trying to deploy my application built on the Teams Toolkit scaffolding for multi-tenant. I created a CDN endpoint and updated my state JSON object to reflect the new front-end endpoint. After provisioning, deploying and making the account setting change to multi-tenant, I uploaded my app to our company tenant, and I'm getting the following error in my tab configuration, where the user is supposed to be able to log in.
OutOfRangeInput
One of the request inputs is out of range. RequestId:47fca9cc-f01e-004a-7a11-e434e9000000 Time:2022-10-19T23:24:05.3740757Z
Is there any workaround to get a Teams Toolkit app to be multi-tenant supported? I am trying to get this app validated for the Teams store.

You can follow the steps here to enable multi-tenant in Teams Toolkit:

1. Provision your Tab project.
2. Open .fx\states\state.{envName}.json and note the value of domain under fx-resource-front-hosting.
3. Create Azure CDN and CDN endpoint and point to frontend storage. Note you need to choose endpoint type as Storage static website when creating your CDN.
4. Open templates\azure\provision\azureStorageTab.bicep file, and find the following two lines:

       output endpoint string = 'https://${siteDomain}'
       output domain string = siteDomain

   and replace with:

       output endpoint string = 'https://sample.azureedge.net'
       output domain string = 'sample.azureedge.net'

5. Open templates/appPackage/aad.manifest.json, find signInAudience and set value as AzureADMultipleOrgs.
6. Open .fx/configs/azure.parameter.${env}.json and find the following line:

       "m365TenantId": "{{state.fx-resource-aad-app-for-teams.tenantId}}",

   and replace with:

       "m365TenantId": "common",

7. Run Provision and Deploy in your project.
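
A pre-deployment check for the three file edits in the steps above, as an added example that is not part of the original answer or of Teams Toolkit: it takes the file contents as text and reports every setting that still carries a single-tenant value. The file fragments are constructed samples, the function names are hypothetical, and sample.azureedge.net is the answer's placeholder host.

```python
import re

CDN_HOST = "sample.azureedge.net"  # placeholder CDN host used in the answer

def json_string(text, key):
    """Value of the first "key": "value" pair (regex, so {{...}} templates are fine)."""
    m = re.search(r'"%s"\s*:\s*"([^"]*)"' % re.escape(key), text)
    return m.group(1) if m else None

def bicep_outputs(text):
    """Map name -> literal for lines like: output <name> string = '<literal>'."""
    pattern = r"^\s*output\s+(\w+)\s+string\s*=\s*'([^']*)'\s*$"
    return dict(re.findall(pattern, text, re.M))

def check_multitenant(bicep, aad_manifest, azure_params, cdn_host=CDN_HOST):
    """Return findings; an empty list means all three edits are in place."""
    outputs = bicep_outputs(bicep)
    expected = [
        ("azureStorageTab.bicep output domain",
         outputs.get("domain"), cdn_host),
        ("azureStorageTab.bicep output endpoint",
         outputs.get("endpoint"), "https://" + cdn_host),
        ("aad.manifest.json signInAudience",
         json_string(aad_manifest, "signInAudience"), "AzureADMultipleOrgs"),
        ("azure.parameter m365TenantId",
         json_string(azure_params, "m365TenantId"), "common"),
    ]
    return ["%s is %r, expected %r" % (name, got, want)
            for name, got, want in expected if got != want]

# Constructed file fragments: project state before and after the edits.
BEFORE = (
    "output endpoint string = 'https://${siteDomain}'\n"
    "output domain string = siteDomain\n",
    '{"signInAudience": "AzureADMyOrg"}',
    '{"m365TenantId": "{{state.fx-resource-aad-app-for-teams.tenantId}}"}',
)
AFTER = (
    "output endpoint string = 'https://sample.azureedge.net'\n"
    "output domain string = 'sample.azureedge.net'\n",
    '{"signInAudience": "AzureADMultipleOrgs"}',
    '{"m365TenantId": "common"}',
)

if __name__ == "__main__":
    for finding in check_multitenant(*BEFORE):
        print(finding)
```

An unquoted bicep output such as `siteDomain` is reported as `None`, because it is still an expression rather than the fixed CDN host.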

Related

Microsoft Teams Toolkit - Support for Multitenant Teams App

I am developing a Teams App which has Tab and Search Message extension as capabilities. The app should support multitenant scenarios, where the app will be deployed on different tenants and should be able to do some operations using the Graph API. Hence I am calling an On-Behalf-user token. My request fails for these scenarios. When I tried to make the Tab App registration support multitenant, I received the below error:
and when I am querying for a Graph token, I get a CORS issue:
Let me know what should be my next step.
Please take a look at this GitHub issue.
The main reason for this failure is that Azure AD requires a verified domain as the Application ID URI for multi-tenant apps.
Please have a look at this doc to understand why changing to multi-tenant can fail.
Key points from the doc are:
- It can sometimes fail due to Application ID URI (App ID URI) name collisions.
- For a multi-tenant application, the Application ID URI must be globally unique so Azure AD can find the app across all tenants.

Use a service account to get the list of users from Google domain

Hello all.
I have been assigned the task of fetching unanswered emails from the inbox of each member of our Google domain using Spring Boot, but I haven't been able to do it.
In the first place, I need the list of users from the domain. This can be achieved via the Directory API (which cannot be enabled by that name in the Google Developer console, by the way. Looks like it belongs to Admin SDK or so).
What I have faced so far is this:
- There are many related questions on SO, but most of them are outdated.
- The Java Quickstart for Google Directory API does not include an example using service accounts, and I want to use them because my app runs in a Docker container, and using OAuth means I need to manually authorize it every time I deploy a new version or restart the container.
- Google documentation makes reference to "API Reference" settings in the Admin console, but I don't see that section there.
- I am not storing credentials in a JSON file; I have them in an environment variable instead. I am doing this:

    // apiCredentials is a string with the JSON contents.
    var inputStream = IOUtils.toInputStream(apiCredentials, Charset.defaultCharset());
    var credential = GoogleCredential
        .fromStream(inputStream, httpTransport, JacksonFactory.getDefaultInstance())
        .createScoped(Collections.singleton(DirectoryScopes.ADMIN_DIRECTORY_USER));
    var directoryService = new Directory.Builder(httpTransport, JacksonFactory.getDefaultInstance(), credential)
        .setApplicationName("My App")
        .build();
    var result = directoryService.users().list()
        .setPageToken(pageToken)
        .setDomain("my.domain")
        .setMaxResults(10)
        .execute();

After this, I get a 400 Bad request error, with no further description.
What am I doing wrong here?

How to use multiple resource url in botframework oauth?

I followed below article to add authentication to my azure bot. Everything works fine, except below step:
https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=javascript#azure-ad-v1
Register your Azure AD application with your bot, step g, to add Resource URL
In my case, I need to grant the bot permission to access both the Power BI and SharePoint APIs. According to the document, they are in two different domains, https://analysis.windows.net/powerbi/ and https://mytanent.sharepoint.com
But this field in the bot settings page can only accept one URL.
Can anyone help with this?
Thanks.
It is recommended that you use AADv2, which requires no resource URL. If you use AADv1 then you can probably still use https://graph.microsoft.com/ as your resource URL, but if that doesn't work then you might try just using your app registration's client ID as the resource URL. The place where you'll want to configure Power BI and SharePoint permissions is described in Create your Azure AD application 6c:

Is there an API to create sites in an Azure App Service dynamically from a web app

My requirement is to develop an application that should:
1. create static html files
2. create a new site (with the static html files in #1) in Azure App Service or Hosting server.

i.e. for #2, I need to automate the Publish activity that's done from Visual Studio to take it to the public server. So say on a Button click, the app should use the required details like credentials, app service\hosting provider details... and create a new site there.

My Query
- Is this possible?
- If so please do share it with me or send me some pointers on it.
- Else let me know how I can implement this.
You could create an Azure App Service using the REST API with this link.
Also, you could deploy a web app to Azure App Service with a ZIP or WAR file. Please refer to this one.
You need to manually fill in the required details, like credentials and app service\hosting provider details, to achieve the deploy web app function.

Mapping ADAL Sample for Ruby Sinatra to Active Directory

I am trying to run the Sinatra sample app given in the Azure Active Directory Library for Ruby: https://github.com/AzureAD/azure-activedirectory-library-for-ruby. The sample is here: https://github.com/AzureAD/azure-activedirectory-library-for-ruby/tree/dev/samples/authorization_code_example
The provided README.md file tells me that I need to do this:
- Register a web application under your Azure Active Directory account.
- Replace CLIENT_ID, CLIENT_SECRET and TENANT with your values.

My problem is that it is not clear how to map any 3 of these values to the various fields available for the Web App that I have set up in Active Directory.
- I am guessing that TENANT maps to a URL that will point my app to our Active Directory configuration.
- I am guessing that CLIENT_ID maps to the application id of my web app.
- I am very unsure about the CLIENT_SECRET.
I am looking for clarity on these three fields and anything else I need to do to make this sample work.
This seems to work:
CLIENT_ID is the Application ID shown in the settings of the AD App Registration for the configured Web app.
CLIENT_SECRET is a password value set in the 'Keys' section of the Web app details.
TENANT should be a registered domain name for the AD tenant.
See: https://msdn.microsoft.com/Library/Azure/Ad/Graph/howto/azure-ad-graph-api-operations-overview?f=255&MSPPError=-2147217396#TenantIdentifier
