Description
My application calls my server to retrieve sensitive data. I need to make sure my application is only running within Teams for my organization. Currently, the application works without issue if accessed through a browser on my laptop without using Teams - a regular browsing session, essentially. How do I limit my application to only my tenant and only within Teams? Something like if org_id != ... error(). The application is already limited to my organization through the publication process in the Teams app store, but I want more safeguards, and that process doesn't prevent a direct invocation from working anyway.
The relevant parts of my application are as follows:
export default function App() {
  const [state, setState] = useState(0)
  ...
  useLayoutEffect(() => {
    setState(1)
  }, [])
  const Authorize = async () => {
    teams.app.initialize()
    const context = await teams.app.getContext()
    gPSEnabled = context.app.host.clientType !== "desktop"
    azureID = context.user.id
  }
  ...
  useEffect(() => {
    if(state === 1) {
      Authorize()
      setState(2)
    }
    ...
  return (
    <>
      {state < 4 ? <Loading enabled={true}/> :
       state === -1 ? <p>Error</p> :
       <GlobalConfig.Provider value={config}>
         <Routes>
           <Route path="schedule/" element={<Schedule/>} />
         </Routes>
       </GlobalConfig.Provider>}
    </>
  )
}
It was my understanding that teams.app.initialize() would prevent the application from working beyond the Teams environment, but that is obviously incorrect because I can access the application from a private browsing session in Edge.
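Added example, not part of the original post or of any Teams library: the `org_id` style check done on the server, which releases data only when the request carries a signed token whose `tid` claim matches the organization. It assumes the tab obtains that token through Teams SSO (`authentication.getAuthToken()`) and sends it with each request. The tenant ID, audience, key pair and tokens below are constructed placeholders; a real service would take the verification key from the tenant's published signing keys.

```javascript
const crypto = require("node:crypto");

// Placeholders (assumptions): your tenant ID and the audience your API expects.
const EXPECTED = {
  tenantId: "00000000-0000-0000-0000-000000000001",
  audience: "api://example.invalid/app-id-placeholder",
};
const b64url = (v) => Buffer.from(v).toString("base64url");

// Returns the claims if the token is validly signed, unexpired, issued for
// this API and from the expected tenant; otherwise throws.
function authorizeRequest(token, publicKey, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  // Pin the algorithm; never let the token choose it (rejects "none", HS256).
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`),
    publicKey, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  if (claims.aud !== expected.audience) throw new Error("wrong audience");
  if (claims.tid !== expected.tenantId) throw new Error("wrong tenant");
  return claims;
}

// Constructed demo data: a throwaway key pair stands in for the token issuer.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function mintDemoToken(claims, alg = "RS256") {
  const input = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = alg === "none" ? ""
    : crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url");
  return `${input}.${sig}`;
}
function check(claims, alg) {
  try { authorizeRequest(mintDemoToken(claims, alg), publicKey, EXPECTED); return "allowed"; }
  catch (e) { return e.message; }
}
const exp = Math.floor(Date.now() / 1000) + 300;
const good = { aud: EXPECTED.audience, tid: EXPECTED.tenantId, oid: "constructed-user", exp };
console.log(check(good));
console.log(check({ ...good, tid: "00000000-0000-0000-0000-000000000002" }));
console.log(check(good, "none"));
```

A request with no token at all, such as one from a plain browser session, never reaches `authorizeRequest` with anything valid and is refused before any data is read.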