Reputation: 11
Issue with MS Teams Bot Authentication (AADSTS700016: Application Not Found in Directory)
I'm developing an MS Teams bot for the first time, which will be used in a Teams channel within my company. The goal is to eventually migrate the functionalities of our existing Slack chatbot to this Teams bot.
I have permissions to upload a custom app to Teams, but I don’t have access to our Azure portal. A colleague has already created a Microsoft Entra ID (Azure AD) application for the bot, and I have the following credentials:
Application (Client) ID
Client Secret
Tenant ID
Since I’m new to MS Teams development, I used the MS Teams Toolkit for Visual Studio Code (JavaScript) to generate the project structure. After reviewing the configuration and environment files, I noticed that the BOT_TENANT_ID key was missing from the environment variables.
Because the config.js file appeared to be pulling the bot tenant ID from the environment variables, I manually added the missing key (BOT_TENANT_ID) along with the corresponding value, hoping it would work.
When debugging in Teams, the bot successfully joins the channel and receives messages, but it fails to send responses, throwing the following error:
App received message: hi
[onTurnError] unhandled error ServerError: unauthorized_client: Error(s): 700016 - Timestamp: 2025-02-27 13:26:16Z - Description: AADSTS700016: Application with identifier 'xxx' was not found in the directory 'Bot Framework'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Trace ID: xxx Corre
lation ID: xxx Timestamp: 2025-02-27 13:26:16Z - Correlation ID: xxx - Trace ID: xxx
at ResponseHandler.validateTokenResponse (\src\chatops_test\node_modules\@azure\msal-node\lib\msal-node.cjs:6740:33)
at ClientCredentialClient.executeTokenRequest (\src\chatops_test\node_modules\@azure\msal-node\lib\msal-node.cjs:11333:25)
at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
at async ConfidentialClientApplication.acquireTokenByClientCredential (\src\chatops_test\node_modules\@azure\msal-node\lib\msal-node.cjs:11679:20) {
errorCode: 'unauthorized_client',
errorMessage: "Error(s): 700016 - Timestamp: 2025-02-27 13:26:16Z - Description: AADSTS700016: Application with identifier 'xxx' was not found in the directory 'Bot Framework'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Trace ID: xxx Correlation ID: xxx Timestamp: 2025-02-27 13:26:16Z - Correlation ID: xxx - Trace ID: xxx'',
subError: '',
errorNo: 700016,
status: 400,
correlationId: 'xxx'
}
ServerError: unauthorized_client: Error(s): 700016 - Timestamp: 2025-02-27 13:26:16Z - Description: AADSTS700016: Application with identifier 'xxx' was not found in the directory 'xxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Trace ID: xxx Correlation ID: xxx Timestamp: 2025-02-27 13:26:16Z - Correlation ID: xxx - Trace ID: xxx
at ResponseHandler.validateTokenResponse (\src\chatops_test\node_modules\@azure\msal-node\lib\msal-node.cjs:6740:33)
at ClientCredentialClient.executeTokenRequest (\src\chatops_test\node_modules\@azure\msal-node\lib\msal-node.cjs:11333:25)
at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
at async ConfidentialClientApplication.acquireTokenByClientCredential (\src\chatops_test\node_modules\@azure\msal-node\lib\msal-node.cjs:11679:20) {
errorCode: 'unauthorized_client',
errorMessage: "Error(s): 700016 - Timestamp: 2025-02-27 13:26:16Z - Description: AADSTS700016: Application with identifier 'xxx' was not found in the directory 'xxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Trace ID: xxx Correlation ID: xxx Timestamp: 2025-02-27 13:26:16Z - Correlation ID: xxx - Trace ID: xxx",
subError: '',
errorNo: 700016,
status: 400,
correlationId: 'xxx'
}
I verified the credentials: The Application ID is correct, but the directory (tenant) appears to be incorrect — I assume it refers to the Tenant ID. Checked Environment Variables: I ensured that BOT_TENANT_ID is correctly added to the .env files. I attempted to follow Microsoft's guide on using an existing AAD app (https://learn.microsoft.com/en-us/microsoftteams/platform/toolkit/use-existing-aad-app), but the documentation seems to be outdated and doesn’t match the current Teams Toolkit template.
It seems like the Tenant ID might not be getting read correctly, or it’s being pulled from another location.
Question: Where does the MS Teams Toolkit expect the Tenant ID to be set? Is there another place where the bot might be fetching this value from? How can I ensure that the correct Tenant ID is used for authentication?
Any guidance would be appreciated!
Upvotes: 1
Views: 35
Answers (1)
Reputation: 46
You need to set your Microsoft Entra ID (Azure AD) application to multi-tenant in order to let the BotFramework SDK to find it.
Upvotes: 1
Related Questions
- Azure Bot Service Authentication with Azure AD – AADSTS50013 Signature Validation Failure
- Single Tenant Teams Bot Authentication Error: Missing access_token
- Microsoft Bot Framework - bot missing from "Bot Framework" tenant. How to add?
- Which tenant owns the application created by teams fx toolkit?
- Facing HTTP error when communicate with teams bot by using teamsFx
- How to authenticate to MS Teams from a chatbot in a dedicated tenant with Microsoft Bot Framework SDK v4?
- Teams Icon in Microsoft Teams Configurable Tab
- How to test Conversation bot localhost
- Microsoft Teams bot working from emulator and localhost but not teams app