Introduce msal #191
Open
Introduce msal #191
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
heyitsaamir
force-pushed
the
aamirj/msal
branch
from
e41253e to
4a83f10
Compare
rido-min
reviewed
Oct 29, 2025
| TokenProtocol, | ||
| ) | ||
| from microsoft.teams.common import Client, ConsoleLogger, LocalStorage, LocalStorageOptions | ||
| from microsoft.teams.api.auth.credentials import TokenCredentials |
There was a problem hiding this comment.
do we still need our own TokenCredential?
There was a problem hiding this comment.
It's just an override if someone wants to provide their own token provider and handle auth themselves. I think it's wise to keep it just in case someone wants to handle this themselves. Thoughts?
heyitsaamir
added a commit
that referenced
this pull request
Oct 30, 2025
## Context This fixes #184 which stated that the token wasn't being refreshed after an hour. This was because we weren't refreshing it on use. In typescript, we refresh the token on every [app.process](https://github.com/microsoft/teams.ts/blob/1f2d735ce02d0add1dc308f9e9df28f0c3fb6985/packages/apps/src/app.process.ts#L31). But this actually still leaves _proactive scenarios_ to used an cached, potentially expired, tokens. To remediate this, the token that gets passed to the API is a factory which refreshes the token if the cached token is expired. For the record C# sets the token value to be [refreshable](https://github.com/microsoft/teams.net/blob/19e4df96dac1524ae99d6c06bd4891fa5535ca67/Libraries/Microsoft.Teams.Apps/App.cs#L67C1-L67C46) (just as this PR is attempting to do). ## Changes This PR includes several changes 1. No more graph token manager. Instead we now have a TokenManager which manages all tokens. Soon, this might change to msal doing the changes 2. The app no longer refreshes token on start. But it does it the first time the token is being used. Because of this, the id field is now from the credentials, and the "name" field had to be removed. I don't think this should cause a big deal because name is honestly, not a very well used (or documented) field. **This is a breaking change though**. 3. The token that's being passed around now is an async function that either gets the token from the cache, or refreshes it if it's expired. ## Testing 1. Unit tests 2. Sanity tests to make sure we can send messages etc normally. 3. Tested to make sure app token refreshes automatically after an hour 4. Tested user graph tokens 5. Tested app graph tokens #### PR Dependency Tree * **PR #187** 👈 * **PR #191** * **PR #192** * **PR #193** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal)
heyitsaamir
force-pushed
the
aamirj/msal
branch
from
b4b57a3 to
1a84d4d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In this PR, we introduce MSAL as a dependency to take care of authentication for us. We replace the use of bot token client with this library. It still uses secrets by default, but uses MSAL to do it.
Tested the general flows (regular + graph)
PR Dependency Tree
This tree was auto-generated by Charcoal