So I have a working Server-Side Blazor application that ties into our company's Azure AD for some internal reporting tables. Nothing fancy, pretty much exactly like all the tutorials around, and it works fine on its own. Then I was asked to include it as part of our company's Teams tabs.
Figured I'd add it as a Website tab, but then ran into a problem with Microsoft's login page not liking being in an iframe (which makes perfect sense). Question is: can I set an option to force the popup version of the authentication instead of the redirect? Startup.cs is below:
    public void ConfigureServices(IServiceCollection services)
    {
        // Add our Azure security stuff: Azure AD sign-in via Microsoft.Identity.Web (reads the "AzureAd"
        // config section), plus token acquisition and an in-memory token cache for the Graph scopes
        string[] graphScopes = Configuration.GetValue<string>("GraphApi:Scopes")?.Split(',');
        services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd")
            .EnableTokenAcquisitionToCallDownstreamApi(graphScopes)
            .AddInMemoryTokenCaches();

        // Standard stuff: Razor Pages, Blazor Server (with the Microsoft.Identity.Web consent handler)
        services.AddRazorPages();
        services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();
        services.AddHttpContextAccessor();
        services.AddControllersWithViews(options =>
        {
            // Require an authenticated user on every controller by default
            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        }).AddMicrosoftIdentityUI();

        // Add our role handling: "IsAdmin" requires membership of the listed AD group(s)
        services.AddAuthorization(options =>
        {
            options.AddPolicy("IsAdmin", policy =>
            {
                policy.Requirements.Add(new ADGroupRequirement(new string[] { "{some-hard-coded-test-guid}" }));
            });
        });
        services.AddSingleton<IAuthorizationHandler, ADGroupHandler>();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseRouting();

        // Authentication must run before authorization in the pipeline
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
            endpoints.MapBlazorHub();
            endpoints.MapFallbackToPage("/_Host");
        });
    }
My next steps are rewriting the auth to not use the NuGet packages and instead use the ADAL.js library, following this page's documentation (MS Teams Silent Auth), and while it'd only cost me a couple of days, I'd hate to scrap what I think is a cleaner way of auth to get it to work in our new use case. Hopefully someone can point to something I'm missing.
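The iframe failure the post describes comes from the login page's anti-clickjacking headers: a response carrying `Content-Security-Policy: frame-ancestors ...` or `X-Frame-Options` is refused by the browser when the embedding page is not on the allowed list, which is why a redirect-based sign-in cannot complete inside a Teams tab. The check below is an added example, not code from the original post or from Microsoft; it applies the rules browsers use for those two headers (frame-ancestors, when present, takes precedence and X-Frame-Options is then ignored; every ancestor in the frame chain must be allowed). The header values and origins are constructed for illustration and were not captured from any real identity provider; to use it as a diagnostic, feed in the headers you observe with `curl -I` on the login URL and the origin of the page that embeds your tab.

```javascript
// Added example (not from the original post): decide whether a response may be
// rendered inside an <iframe> chain, applying the rules browsers use for
// Content-Security-Policy frame-ancestors and X-Frame-Options.
// Header values and origins below are constructed for illustration.

function getHeader(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Returns the frame-ancestors source list, or null when the directive is absent.
function parseFrameAncestors(cspValue) {
  if (!cspValue) return null;
  for (const directive of cspValue.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map(t => t.toLowerCase());
    }
  }
  return null;
}

function effectivePort(u) {
  if (u.port) return u.port;
  if (u.protocol === 'https:') return '443';
  if (u.protocol === 'http:') return '80';
  return '';
}

// Match one ancestor origin against one frame-ancestors source expression.
function sourceMatches(source, ancestorOrigin, resourceOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return ancestorOrigin === resourceOrigin;
  if (source === '*') return true;
  const anc = new URL(ancestorOrigin);
  const res = new URL(resourceOrigin);
  // scheme-source, e.g. "https:"
  if (/^[a-z][a-z0-9+.\-]*:$/.test(source)) return anc.protocol === source;
  // host-source: optional scheme, optional leading "*." wildcard, optional port
  const m = /^(?:([a-z][a-z0-9+.\-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme) {
    if (anc.protocol !== scheme + ':') return false;
  } else if (anc.protocol !== res.protocol &&
             !(res.protocol === 'http:' && anc.protocol === 'https:')) {
    // a schemeless host-source inherits the resource's scheme (https upgrade allowed)
    return false;
  }
  const ancHost = anc.hostname.toLowerCase();
  if (wildcard ? !ancHost.endsWith('.' + host) : ancHost !== host) return false;
  if (port && port !== '*' && effectivePort(anc) !== port) return false;
  return true;
}

// True when every ancestor origin in the frame chain is allowed to embed the resource.
function canBeFramedBy(headers, resourceOrigin, ancestorOrigins) {
  const fa = parseFrameAncestors(getHeader(headers, 'content-security-policy'));
  if (fa !== null) {
    // CSP frame-ancestors governs when present; X-Frame-Options is then ignored.
    return ancestorOrigins.every(a => fa.some(s => sourceMatches(s, a, resourceOrigin)));
  }
  const xfo = (getHeader(headers, 'x-frame-options') || '').trim().toUpperCase();
  if (xfo === 'DENY') return ancestorOrigins.length === 0;
  if (xfo === 'SAMEORIGIN') return ancestorOrigins.every(a => a === resourceOrigin);
  // Header absent, or an obsolete/invalid value such as ALLOW-FROM: current browsers do not block.
  return true;
}

// Constructed sample headers (not captured from any real identity provider or from Teams).
const TEAMS = 'https://teams.microsoft.com';
const loginHeaders = { 'X-Frame-Options': 'DENY' };
const tabAppHeaders = {
  'X-Frame-Options': 'DENY', // ignored because frame-ancestors is present
  'Content-Security-Policy': "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com",
};

console.log(canBeFramedBy(loginHeaders, 'https://login.example.test', [TEAMS]));   // false
console.log(canBeFramedBy(tabAppHeaders, 'https://reports.example.test', [TEAMS])); // true
```

The second sample shows the configuration a tab application itself needs: it must allow the Teams origins to frame it, while the identity provider's sign-in page will normally forbid framing outright, so the sign-in has to happen in a top-level window (a popup) rather than inside the tab's iframe. Note that the checker reads a single CSP header value; if a server sends several CSP headers, each must be evaluated and all must allow the ancestor.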