Add support for certificate files #193
Open
+72
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Oct 30, 2025
Open
heyitsaamir
added a commit
that referenced
this pull request
Oct 30, 2025
## Context This fixes #184 which stated that the token wasn't being refreshed after an hour. This was because we weren't refreshing it on use. In typescript, we refresh the token on every [app.process](https://github.com/microsoft/teams.ts/blob/1f2d735ce02d0add1dc308f9e9df28f0c3fb6985/packages/apps/src/app.process.ts#L31). But this actually still leaves _proactive scenarios_ to used an cached, potentially expired, tokens. To remediate this, the token that gets passed to the API is a factory which refreshes the token if the cached token is expired. For the record C# sets the token value to be [refreshable](https://github.com/microsoft/teams.net/blob/19e4df96dac1524ae99d6c06bd4891fa5535ca67/Libraries/Microsoft.Teams.Apps/App.cs#L67C1-L67C46) (just as this PR is attempting to do). ## Changes This PR includes several changes 1. No more graph token manager. Instead we now have a TokenManager which manages all tokens. Soon, this might change to msal doing the changes 2. The app no longer refreshes token on start. But it does it the first time the token is being used. Because of this, the id field is now from the credentials, and the "name" field had to be removed. I don't think this should cause a big deal because name is honestly, not a very well used (or documented) field. **This is a breaking change though**. 3. The token that's being passed around now is an async function that either gets the token from the cache, or refreshes it if it's expired. ## Testing 1. Unit tests 2. Sanity tests to make sure we can send messages etc normally. 3. Tested to make sure app token refreshes automatically after an hour 4. Tested user graph tokens 5. Tested app graph tokens #### PR Dependency Tree * **PR #187** 👈 * **PR #191** * **PR #192** * **PR #193** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal)
heyitsaamir
force-pushed
the
aamirj/UMI
branch
from
d359a73 to
206a15a
Compare
heyitsaamir
force-pushed
the
aamirj/certs
branch
4 times, most recently
from
94c8bfc to
9f37215
Compare
heyitsaamir
force-pushed
the
aamirj/certs
branch
from
9f37215 to
476e4b1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds support for authenticating via a cert. It does so via two env variables:
CERTIFICATE_PRIVATE_KEY_PATHwhich is the path for the private key fileCERTIFICATE_THUMBPRINTwhich is the thumbprint for the cert.Not tested yet.
PR Dependency Tree
This tree was auto-generated by Charcoal