Single sign on in tabs using external identity provider

Question

From the tab application I need to access an external API. For authenticating the tab application with this external API I use OAuth. My question would be that is there any way to implement SSO in tabs when I use an external identity provider for authentication? My goal would be that the user only has to sign into the tab app in one Teams client so he won't have to sign into the tab app in other Teams clients where he is logged in. If it's not possible with an external identity provider then a solution would be also appropriate where the user has to sign into the tab app in each Teams client only once.

I checked the following article about SSO authentication for tabs, but this method cannot be used when an external identity provider is used for authentication: https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso?tabs=dotnet

If I cannot use SSO with an external identity provider then how should I properly store the tokens received during the authentication? At the moment I'm trying to use the Teams JavaScript SDK for authentication, but after obtaining the required tokens I have to manually store them on client or server side which I don't want to do.

Under the following link similar questions were asked but it hasn't got any answers for more:
Single sign on in Teams application between tabs and the bot
In my case I cannot use oidc because it's not supported by the external identity provider.

Answer 1

You can use external OAuth providers:

microsoftTeams.authentication.authenticate({
   url: 'https://3p.app.server/auth?oauthRedirectMethod={oauthRedirectMethod}&authId={authId}',
   isExternal:?true,
   successCallback:?function?(result)?{
   //sucess 
   }?failureCallback:?function?(reason)?{
   //failure 
    }
});

Reference doc: https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-oauth-provider