I created an SPFx Web part for SharePoint Online, in Typescript.
What I want to achieve is to consumme an Azure OpenAI instance from the browser, under the identity of the currently logged-in user.
I included the following packages in my SPFx solution:
- @azure/identity 4.4.1
- @azure/openai 2.0.0-beta.1
To authenticate against Azure, I registered an Azure App with delegated permissions to OpenAI.
I then use the following code:
const credentials = new InteractiveBrowserCredential({
tenantId: <tenantId>,
clientId: <clientId>,
redirectUri: window.location.protocol + '//' + window.location.host + window.location.pathname,
loginStyle: "redirect", // I also tried: "popup",
loginHint: <userName>,
});
const azureADTokenProvider = getBearerTokenProvider(credentials, "https://cognitiveservices.azure.com/.default");
this.m_client = new AzureOpenAI({
azureADTokenProvider,
baseURL: <openAIAPIBaseUrl>,
apiVersion: <openAIAPIVersion>,
deployment: <openAIAPIDeployment>
});
Everything works great!… if I navigate the SharePoint site, where the SPFx Web part is deployed, from a standard brower.
But my goal however is to host the SharePoint site in a Teams tab: users will navigate the site from the Teams application.
And here is the problem: the above authentication code, involving InteractiveBrowserCredential can either leverages a popup or redirections.
-
With the
popupmode, it fails with error popup_window_error: Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser. as Teams does not allow popups. -
With the
redirectmode, it also fails. The error reads: redirect_in_iframe: Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs. This time, it’s because of theX-Frame-Optionsheader set toDENYby the login page sent by Microsoft.
How can I achieve silent authentication from my WPFx Web part when the site is rendered in a Teams tab?
3