Using External JWT login with Microsoft Teams
-
Hi,
I’m evaluating whether FusionAuth can be used to authenticate users in our app that can live within Microsoft Teams. In Teams, you can call the Teams SDK to retrieve a JWT auth token (that is issued by Azure AD without a further login). I’d like to use this token to authenticate at FusionAuth.
It looks like FusionAuth will work for this scenario, but I’m unsure if the "managed domains" you have to set up will be a problem: our Teams app has multi-tenant support and we don’t know from which domains users will log in.
Does anyone have experience with our scenario? Can you also have external JWT auth without limiting it to a domain?
Sebastian
-
Hi Sebastian,
I am not very familiar with how Azure issues a JWT bearer token, but I will try and offer you some insights.
I am assuming you are referencing the documentation here?
https://fusionauth.io/docs/v1/tech/identity-providers/external-jwt/#managed-domains
The closest I can currently think of for your use case is SSO, but cross domains may give you headaches.
https://fusionauth.io/blog/2021/02/09/single-sign-on-sso-with-fusionauth
Another option could be to write a custom cookie and use a proxy server to orchestrate across different domains, but the implementation can get a bit tricky.
I will let you know if I can see any other potential paths for you.
Thanks,
Josh
-
Hi Sebastian,
I did discuss this further with the Development Team. The documentation is in the process of being updated, but managed domains are not required with regard to reconciling an external JWT.
In other words, if you want to integrate your Azure AD JWT token with FusionAuth, the JWT can be issued by different domains and still integrate just fine through the API.
Some reading that might be useful:
- https://fusionauth.io/docs/v1/tech/apis/jwt/#reconcile-a-jwt
- https://fusionauth.io/docs/v1/tech/identity-providers/external-jwt/example/
- https://fusionauth.io/docs/v1/tech/identity-providers/external-jwt/
I hope this helps!
Thanks,
Josh
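As an added illustration of the reconcile flow Josh points to (my own example, not FusionAuth's code and not part of the thread), the script below takes the token the Teams SDK hands the app, runs the claim checks a multi-tenant relying party should do before trusting it, and then builds the `POST /api/jwt/reconcile` request for FusionAuth. It assumes the Teams token is an Azure AD v2.0 token whose `aud` is the app's own client id, that the External JWT identity provider in FusionAuth is configured with Azure AD's signing keys (so the cryptographic signature check happens inside FusionAuth during reconcile, not here), and that the URL, API key, application id, identity-provider id and client id are placeholders. The point of the tenant handling is the one from Sebastian's question: with no managed-domain restriction, nothing pins which tenant a token comes from, so the code checks that the tenant in `iss` matches the `tid` claim and optionally applies an allow-list.

```python
"""Pre-validate an Azure AD (Teams) token, then reconcile it with FusionAuth.

Added example; all URLs, ids and the API key are placeholders. Signature
verification is delegated to FusionAuth's External JWT identity provider,
so the checks here are a filter in front of reconcile, not a replacement
for signature verification.
"""
import base64
import json
import time
import urllib.request

FUSIONAUTH_URL = "https://fusionauth.example.com"              # placeholder
FUSIONAUTH_API_KEY = "REPLACE_WITH_API_KEY"                     # placeholder
APPLICATION_ID = "00000000-0000-0000-0000-000000000001"         # placeholder
IDENTITY_PROVIDER_ID = "00000000-0000-0000-0000-000000000002"   # placeholder
OUR_CLIENT_ID = "11111111-2222-3333-4444-555555555555"          # placeholder Azure app (client) id


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Split a compact JWT and return its payload claims (no signature check here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims, expected_aud, allowed_tenants=None, now=None, leeway=60):
    """Return a list of problems; an empty list means the claims pass.

    Multi-tenant rule: the issuer is not pinned to a single tenant. Instead the
    issuer must have the Azure AD v2.0 shape (assumption) and the tenant id in
    `iss` must equal the `tid` claim; an optional allow-list narrows it further.
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != expected_aud:
        problems.append("aud mismatch")
    tid = claims.get("tid")
    iss = claims.get("iss", "")
    if not tid or iss != f"https://login.microsoftonline.com/{tid}/v2.0":
        problems.append("iss/tid mismatch")
    if allowed_tenants is not None and tid not in allowed_tenants:
        problems.append("tenant not allowed")
    exp = claims.get("exp")
    if exp is None or now > exp + leeway:
        problems.append("expired or missing exp")
    nbf = claims.get("nbf")
    if nbf is not None and now + leeway < nbf:
        problems.append("not yet valid")
    return problems


def build_reconcile_request(token: str) -> dict:
    """Request body for FusionAuth's JWT reconcile API."""
    return {
        "applicationId": APPLICATION_ID,
        "identityProviderId": IDENTITY_PROVIDER_ID,
        "encodedJWT": token,
    }


def reconcile(token: str, expected_aud=OUR_CLIENT_ID, allowed_tenants=None) -> dict:
    """Reject obviously bad tokens locally, then let FusionAuth reconcile the rest."""
    problems = validate_claims(decode_claims(token), expected_aud, allowed_tenants)
    if problems:
        raise PermissionError("rejected before reconcile: " + ", ".join(problems))
    req = urllib.request.Request(
        f"{FUSIONAUTH_URL}/api/jwt/reconcile",
        data=json.dumps(build_reconcile_request(token)).encode(),
        headers={"Authorization": FUSIONAUTH_API_KEY, "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)   # FusionAuth's response carries its own token and user


def make_sample_token(claims: dict) -> str:
    """Constructed test fixture with an empty signature segment; it only exists
    so the claim checks can be exercised offline and would never pass reconcile."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'RS256', 'typ': 'JWT'})}.{seg(claims)}."


if __name__ == "__main__":
    sample = make_sample_token({
        "aud": OUR_CLIENT_ID, "tid": "t1",
        "iss": "https://login.microsoftonline.com/t1/v2.0", "exp": 2000000000,
    })
    print(validate_claims(decode_claims(sample), OUR_CLIENT_ID, now=1900000000))
```

`reconcile()` is the only function that talks to the network; everything before it runs offline, which is why the claim checks are kept separate and take an explicit `now` so they can be tested deterministically.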