Reputation: 11
I have tried 3 ways to implement SSO in Teams bot but none of them works. Is there any other way? What's wrong with these?
(1) "OAuthPrompt"
There is no response after "beginDialog(OAUTH_PROMPT)" and the request times out at the end. No response from OAuthPrompt
No "Continue" button is shown as usual before
Works fine in "Test in Web Chat" from "Azure Portal"
```javascript
// Waterfall step: hand the turn over to the OAuth prompt.
async promptStep(stepContext) {
    try {
        return await stepContext.beginDialog(OAUTH_PROMPT);
    } catch (err) {
        console.error(err);
    }
}
```

```javascript
// Prompt registration; connectionName is read from the environment.
this.addDialog(new OAuthPrompt(OAUTH_PROMPT, {
    connectionName: process.env.connectionName,
    text: 'Please Sign In',
    title: 'Sign In',
    timeout: 300000
}));
```

```javascript
async loginStep(stepContext) {
    // Get the token from the previous step. Note that we could also have gotten the
    // token directly from the prompt itself. There is an example of this in the next method.
    const tokenResponse = stepContext.result;
    if (!tokenResponse || !tokenResponse.token) {
        await stepContext.context.sendActivity('Login was not successful please try again.');
    } else {
        const client = new SimpleGraphClient(tokenResponse.token);
        const me = await client.getMe();
        const title = me ? me.jobTitle : 'UnKnown';
        await stepContext.context.sendActivity(`You're logged in as ${me.displayName} (${me.userPrincipalName}); your job title is: ${title}; your photo is: `);
        const photoBase64 = await client.GetPhotoAsync(tokenResponse.token);
        const card = CardFactory.thumbnailCard("", CardFactory.images([photoBase64]));
        await stepContext.context.sendActivity({ attachments: [card] });
        return await stepContext.prompt(CONFIRM_PROMPT, 'Would you like to view your token?');
    }
    return await stepContext.endDialog();
}
```
(2) "AdaptiveCard"
Although there is a token returned, the token can't be verified by Microsoft Graph API, with error "invalid audience"
No sign-in window popped up for SSO (that is the same as OAuthPrompt Dialog before)
I have made sure that Graph User.Read is set up in "API Permission" from "App Registration"
When I set "xxxx" (which does NOT exist in the bot's "OAuth Connection Setting") as "connectionName" in the environment variable, the token is still returned
(3) "TeamsBotSsoPrompt"
Upvotes: 1
Views: 85
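Item (2) of the question reports that Microsoft Graph rejects the returned token with "invalid audience". The following is an added diagnostic example, not code from the original post: it decodes a token's claims without verifying the signature and reports whether the `aud` claim names Microsoft Graph. The function names, the sample tokens and the placeholder app ID in `api://botid-...` are constructed for illustration.

```javascript
// Added example: inspect a token's claims to see which API it was issued for.
// The signature is NOT verified here, so use this for troubleshooting only.
const GRAPH_AUDIENCES = new Set([
    'https://graph.microsoft.com',
    '00000003-0000-0000-c000-000000000000' // Microsoft Graph's application ID
]);

function decodeJwtPayload(token) {
    const parts = String(token).split('.');
    if (parts.length !== 3) {
        throw new Error('Not a JWT: expected header.payload.signature');
    }
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

function checkGraphAudience(token) {
    const claims = decodeJwtPayload(token);
    const audiences = [].concat(claims.aud || []); // aud may be a string or an array
    const normalized = audiences.map(a => String(a).replace(/\/+$/, '').toLowerCase());
    return {
        aud: audiences,
        scp: claims.scp || null,
        expired: typeof claims.exp === 'number' && claims.exp * 1000 < Date.now(),
        usableForGraph: normalized.some(a => GRAPH_AUDIENCES.has(a))
    };
}

// Constructed sample tokens (placeholder app ID, dummy signature), built inline.
function makeSampleToken(claims) {
    const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64url');
    return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed`;
}
const FAR_FUTURE = 4102444800; // 2100-01-01T00:00:00Z
const botToken = makeSampleToken({
    aud: 'api://botid-00000000-0000-0000-0000-000000000000',
    scp: 'access_as_user',
    exp: FAR_FUTURE
});
const graphToken = makeSampleToken({
    aud: 'https://graph.microsoft.com',
    scp: 'User.Read',
    exp: FAR_FUTURE
});

console.log(checkGraphAudience(botToken));
console.log(checkGraphAudience(graphToken));
```

A token whose `aud` is the bot's own application is meant to be validated by the bot and exchanged for a Graph token, not sent to Graph directly.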
Reputation: 1148
I have been experiencing the same issue. I found that most of the examples state that the app reg's allowed redirect urls should include this value:
https://{BOT_DOMAIN}/auth-end
But from deconstructing the code scaffolded by TeamsToolkit I could see the url used there was actually:
https://{BOT_DOMAIN}/bot-auth-end
This seems to have solved my issue
Upvotes: 0