Open
Conversation
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Microsoft Teams app packaging + documentation and wires up Teams SSO (OBO flow) to let SimpleChat authenticate seamlessly when embedded as a Teams tab.
Changes:
- Introduces Teams SSO login UX (
/loginTeams-detection page) and a new backend token exchange endpoint (/auth/teams/token-exchange). - Updates security/session behavior for iframe embedding (CSP
frame-ancestors, SameSite cookie config) and adds deployment toggles (ENABLE_TEAMS_SSO, bicep params). - Adds Teams app package assets (manifest template + icons) and end-user documentation + release notes.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/how-to/teams_app.md | New how-to guide for configuring Azure AD + Teams manifest + env vars |
| docs/explanation/release_notes.md | Release notes entry for Teams app/SSO feature and related infra changes |
| deployers/bicep/modules/appService.bicep | Adds enableTeamsSso param and sets ENABLE_TEAMS_SSO app setting |
| deployers/bicep/main.bicep | Adds top-level enableTeamsSso param; switches ACR suffix to environment-derived value |
| application/teams_app/manifest.template.json | Teams manifest template for SSO-capable app packaging |
| application/teams_app/color.png | Teams app color icon asset |
| application/teams_app/outline.png | Teams app outline icon asset |
| application/single_app/templates/login.html | New Teams-aware login page with Teams SDK detection + token exchange call |
| application/single_app/static/js/MicrosoftTeams.min.js | Bundled Teams JS SDK for disconnected environments |
| application/single_app/route_frontend_authentication.py | Adds Teams SSO branch on /login and new token exchange endpoint |
| application/single_app/config.py | Adds Teams SSO config + CSP frame-ancestors integration and X-Frame-Options gating |
| application/single_app/app.py | Adjusts session cookie settings for iframe/Teams embedding |
| .gitignore | Ignores generated Teams manifest.json file in app package folder |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Microsoft Teams app packaging + Teams SSO (OBO flow) entrypoint to SimpleChat, along with deployment toggles and documentation so the app can be embedded in Teams and authenticate users automatically.
Changes:
- Adds Teams SSO login page +
/auth/teams/token-exchangetoken exchange endpoint. - Introduces Teams SSO configuration (env vars, CSP
frame-ancestors, session cookie settings). - Adds Teams app manifest template/icons and updated docs + release notes.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
docs/how-to/teams_app.md |
New how-to for configuring Azure AD + Teams SSO + manifest. |
docs/explanation/release_notes.md |
Release notes entry for Teams integration and related infra changes. |
deployers/bicep/modules/appService.bicep |
Adds enableTeamsSso param and app setting ENABLE_TEAMS_SSO. |
deployers/bicep/main.bicep |
Wires enableTeamsSso through and uses environment-derived ACR suffix. |
application/teams_app/manifest.template.json |
Teams manifest template for packaging the app. |
application/teams_app/color.png |
Teams app icon (color). |
application/teams_app/outline.png |
Teams app icon (outline). |
application/single_app/templates/login.html |
New Teams-aware login page that attempts Teams SSO then falls back. |
application/single_app/static/js/MicrosoftTeams.min.js |
Bundled Teams JS SDK for offline/disconnected environments. |
application/single_app/route_frontend_authentication.py |
Adds Teams-aware /login handling and token exchange endpoint. |
application/single_app/config.py |
Adds Teams SSO env vars + CSP frame-ancestors integration; bumps version. |
application/single_app/app.py |
Adjusts session cookie settings for Teams iframe embedding. |
.gitignore |
Ignores generated application/teams_app/manifest.json. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Microsoft Teams tab packaging + documentation, and introduces Teams SSO support (OBO token exchange + Teams-aware login entrypoint) along with deployment/config updates.
Changes:
- Added Teams app package assets (manifest template + icons) and a how-to for Teams SSO configuration.
- Implemented Teams-aware
/loginflow and a new/auth/teams/token-exchangeOBO endpoint; updated CSP + session cookie settings for iframe embedding. - Updated Bicep to support enabling Teams SSO via app settings and improved ACR suffix handling; added release notes and ignored generated manifest.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 13 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/how-to/teams_app.md | New Teams SSO configuration guide and troubleshooting notes |
| docs/explanation/release_notes.md | Release notes entry for Teams integration + other changes |
| deployers/bicep/modules/appService.bicep | Adds ENABLE_TEAMS_SSO app setting wiring |
| deployers/bicep/main.bicep | Adds enableTeamsSso param + uses dynamic ACR suffix |
| application/teams_app/manifest.template.json | Template Teams manifest for packaging a tab app |
| application/teams_app/color.png | Teams app color icon |
| application/teams_app/outline.png | Teams app outline icon |
| application/single_app/templates/login.html | New Teams-detecting login page that performs SSO + fallback |
| application/single_app/static/js/MicrosoftTeams.min.js | Bundled Teams JS SDK for disconnected environments |
| application/single_app/route_frontend_authentication.py | Teams-aware /login + new /auth/teams/token-exchange endpoint |
| application/single_app/config.py | Adds Teams SSO config + updates CSP frame-ancestors behavior |
| application/single_app/app.py | Updates session cookie flags for iframe embedding |
| .gitignore | Ignores generated application/teams_app/manifest.json |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds first-class Microsoft Teams app support for SimpleChat, including Teams SSO (OBO flow) plus deployment/config/documentation updates to make iframe embedding and SSO work reliably.
Changes:
- Introduces a Teams-aware login experience (
login.html) and a new backend token exchange endpoint (/auth/teams/token-exchange) for Teams SSO. - Adds Teams SSO configuration (env vars + CSP
frame-ancestorshandling) and updates session cookie settings for iframe embedding. - Adds Teams app packaging assets (manifest template + icons), documentation, release notes, and Bicep parameters for enabling Teams SSO.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/how-to/teams_app.md | New how-to guide for Teams SSO configuration and troubleshooting |
| docs/explanation/release_notes.md | Release notes entry for Teams integration + related infra changes |
| deployers/bicep/modules/appService.bicep | Adds ENABLE_TEAMS_SSO app setting driven by new module param |
| deployers/bicep/main.bicep | Adds enableTeamsSso param + fixes ACR suffix via az.environment() |
| application/teams_app/manifest.template.json | Teams manifest template for packaging the tab app |
| application/teams_app/color.png | Teams app icon asset (color) |
| application/teams_app/outline.png | Teams app icon asset (outline) |
| application/single_app/templates/login.html | New Teams-detecting login page that performs SSO then redirects |
| application/single_app/static/js/MicrosoftTeams.min.js | Bundled Teams JS SDK for disconnected environments |
| application/single_app/route_frontend_authentication.py | Adds Teams-aware /login handling + token exchange endpoint |
| application/single_app/config.py | Adds Teams SSO config + CSP frame-ancestors support and conditional XFO |
| application/single_app/app.py | Updates session cookie flags for Teams iframe embedding support |
| .gitignore | Ignores generated Teams manifest.json package file |
The current implementatoin is only for Teams so it's not consistent across the app. There's also no way to configure the expected origin, which means you would be able to run this app behind a proxy or in kubernetes. Holding off for more robust implementation.
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Microsoft Teams app + Teams SSO (OBO flow) support to SimpleChat, along with deployment/config updates and documentation so the app can be embedded and authenticated inside the Teams client.
Changes:
- Add a Teams-aware login experience (
login.html) and a new backend token exchange endpoint for Teams SSO (/auth/teams/token-exchange). - Introduce Teams SSO configuration/env vars and adjust security headers + session cookie settings to support iframe embedding.
- Add Teams app packaging assets (manifest template + icons), docs/how-to guidance, and update release notes + bicep deployment parameters.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
docs/how-to/teams_app.md |
New how-to for configuring Teams app + SSO, env vars, and troubleshooting. |
docs/explanation/release_notes.md |
Release notes entry for Teams app/SSO and bicep fix. |
deployers/bicep/main.bicep |
Adds enableTeamsSso param; updates ACR suffix to environment-driven value. |
deployers/bicep/modules/appService.bicep |
Wires enableTeamsSso into app settings (ENABLE_TEAMS_SSO). |
application/teams_app/manifest.template.json |
Template Teams manifest for SSO-enabled tab. |
application/teams_app/color.png / outline.png |
Teams app icon assets. |
application/single_app/templates/login.html |
New Teams detection + SSO login page with fallback to normal AAD auth. |
application/single_app/static/js/MicrosoftTeams.min.js |
Bundled Teams JS SDK for offline/disconnected scenarios. |
application/single_app/route_frontend_authentication.py |
Adds Teams login routing behavior + token exchange endpoint. |
application/single_app/config.py |
Adds Teams SSO config + CSP frame-ancestors behavior; version bump. |
application/single_app/app.py |
Sets cookie attributes needed for Teams iframe embedding when Teams SSO enabled. |
.gitignore |
Ignores a generated application/teams_app/manifest.json. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Microsoft Teams app packaging + SSO support to SimpleChat, wiring a Teams-aware login experience into the existing Flask/MSAL auth flow and updating deployment/config/docs accordingly.
Changes:
- Added Teams-aware
login.html+ local Teams JS SDK and a new/auth/teams/token-exchangeendpoint for OBO token exchange. - Introduced Teams SSO configuration knobs (
ENABLE_TEAMS_SSO, CSPframe-ancestorshandling, session cookie settings). - Added Teams app package templates/assets + deployment plumbing (Bicep param + env var) and documentation/release notes.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
docs/how-to/teams_app.md |
New how-to guide for Teams app + SSO configuration and troubleshooting. |
docs/explanation/release_notes.md |
Release notes entry for Teams SSO + related infra changes. |
deployers/bicep/modules/appService.bicep |
Adds enableTeamsSso param and sets ENABLE_TEAMS_SSO app setting. |
deployers/bicep/main.bicep |
Plumbs enableTeamsSso through and uses az.environment().suffixes.acrLoginServer for ACR suffix. |
application/teams_app/manifest.template.json |
Teams manifest template with SSO-ready webApplicationInfo and tab URLs. |
application/teams_app/color.png |
Teams app icon asset. |
application/teams_app/outline.png |
Teams app outline icon asset. |
application/single_app/templates/login.html |
New Teams-aware sign-in page that attempts Teams SSO and falls back to standard login. |
application/single_app/static/js/MicrosoftTeams.min.js |
Vendored Teams JS SDK for disconnected environments. |
application/single_app/route_frontend_authentication.py |
Adds Teams SSO branching in /login and implements /auth/teams/token-exchange. |
application/single_app/config.py |
Version bump + Teams SSO env vars + CSP frame-ancestors composition and conditional X-Frame-Options. |
application/single_app/app.py |
Adjusts session cookie settings for iframe embedding when Teams SSO is enabled. |
.gitignore |
Ignores generated application/teams_app/manifest.json. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Microsoft Teams app packaging + documentation and wires up Teams SSO (OBO flow) into the existing Flask auth flow, alongside a small Bicep improvement for ACR suffix portability.
Changes:
- Introduces Teams SSO login flow (
/loginTeams-detecting page +/auth/teams/token-exchangeOBO endpoint) and adjusts cookies/CSP to support iframe embedding. - Adds Teams app package assets (manifest template + icons) and a how-to guide for setup/troubleshooting.
- Updates Bicep to use
az.environment().suffixes.acrLoginServerand adds anenableTeamsSsodeployment parameter.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/how-to/teams_app.md | New how-to guide for Teams SSO configuration and troubleshooting. |
| docs/explanation/release_notes.md | Release notes entry for Teams integration + Bicep fix. |
| deployers/bicep/modules/appService.bicep | Adds enableTeamsSso param and sets ENABLE_TEAMS_SSO app setting. |
| deployers/bicep/main.bicep | Plumbs enableTeamsSso parameter; uses environment-derived ACR suffix. |
| application/teams_app/outline.png | Teams app outline icon asset. |
| application/teams_app/color.png | Teams app color icon asset. |
| application/teams_app/manifest.template.json | Teams manifest template configured for tab + SSO fields. |
| application/single_app/templates/login.html | New Teams-aware login page that attempts Teams SSO then falls back. |
| application/single_app/static/js/MicrosoftTeams.min.js | Bundled Teams JS SDK for disconnected environments. |
| application/single_app/route_frontend_authentication.py | Implements Teams login branching and token-exchange endpoint. |
| application/single_app/config.py | Adds Teams SSO config/env vars and CSP frame-ancestors handling; bumps version. |
| application/single_app/app.py | Sets session cookie attributes for Teams iframe compatibility when enabled. |
| .gitignore | Ignores generated Teams manifest.json. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Microsoft Teams tab packaging + Teams SSO (OBO) support to SimpleChat, including deployment toggles, CSP/cookie adjustments for iframe embedding, and documentation/templates for configuring the Teams app.
Changes:
- Adds Teams SSO login UX (
/login?teams=true) and a backend token-exchange endpoint (/auth/teams/token-exchange) using MSAL OBO. - Updates security headers and session cookie settings to support Teams iframe embedding.
- Adds Teams app packaging assets (manifest template + icons) and how-to documentation; updates Bicep and release notes.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/how-to/teams_app.md | New how-to guide for Teams app + SSO configuration. |
| docs/explanation/release_notes.md | Release notes entry for Teams app/SSO and Bicep ACR suffix fix. |
| deployers/bicep/modules/appService.bicep | Adds enableTeamsSso param and sets ENABLE_TEAMS_SSO app setting. |
| deployers/bicep/main.bicep | Plumbs enableTeamsSso into app service module; fixes ACR suffix via az.environment().suffixes.acrLoginServer. |
| application/teams_app/manifest.template.json | Teams manifest template for packaging a personal tab with SSO fields. |
| application/teams_app/color.png | Teams app icon asset (color). |
| application/teams_app/outline.png | Teams app icon asset (outline). |
| application/single_app/templates/login.html | New Teams-aware login page that attempts Teams SSO then falls back to standard Azure AD. |
| application/single_app/static/js/MicrosoftTeams.min.js | Bundled Teams JS SDK for offline/disconnected environments. |
| application/single_app/route_frontend_authentication.py | Adds Teams SSO entry path and /auth/teams/token-exchange endpoint. |
| application/single_app/config.py | Adds Teams SSO env vars; updates CSP frame-ancestors; bumps version. |
| application/single_app/app.py | Sets SameSite=None/Secure/HttpOnly session cookie flags when Teams SSO is enabled. |
| .gitignore | Ignores generated application/teams_app/manifest.json. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.