js

page_type	description	products	languages	extensions	urlFragment
sample	This sample bot demonstrates implementing SSO in Microsoft Teams using Azure AD.	office-teams office office-365	javascript nodejs	contentType createdDate samples 07/07/2021 13:38:26 PM	officedev-microsoft-teams-samples-bot-conversation-sso-quickstart-js

Teams Conversation Bot SSO quick-start

This sample demonstrates how to implement Single Sign-On (SSO) for Teams bots using Azure Active Directory and the Bot Framework. It includes comprehensive setup instructions for authentication, tunneling, and deploying to Azure, offering a streamlined way to authenticate users and access Microsoft Graph data directly within Teams.

This bot has been created using Bot Framework, it shows how to get started with SSO in a bot for Microsoft Teams.

The focus of this sample is how to use the Bot Framework support for OAuth SSO in your bot. Teams behaves slightly differently than other channels in this regard. Specifically an Invoke Activity is sent to the bot rather than the Event Activity used by other channels. This Invoke Activity must be forwarded to the dialog if the OAuthPrompt is being used. This is done by subclassing the ActivityHandler and this sample includes a reusable TeamsActivityHandler. This class is a candidate for future inclusion in the Bot Framework SDK.

The sample uses the bot authentication capabilities in Azure Bot Service, providing features to make it easier to develop a bot that authenticates users to various identity providers such as Microsoft Entra ID, GitHub, Uber, etc. The OAuth token is then used to make basic Microsoft Graph queries.

IMPORTANT: The manifest file in this app adds "token.botframework.com" to the list of validDomains. This must be included in any bot that uses the Bot Framework OAuth flow.

Included Features

• Teams SSO (bots)
• Adaptive Card
• Graph API

Interaction with app

Prerequisites

• Microsoft Teams is installed and you have an account (not a guest account)
• To test locally, NodeJS must be installed on your development machine (version 16.14.2 or higher)
• dev tunnel or ngrok latest version or equivalent tunneling solution
• M365 developer account or access to a Teams account with the appropriate permissions to install an app.
• Teams Toolkit for VS Code or TeamsFx CLI
• If you are using Ngrok to test locally, you'll need Ngrok installed on your development machine. Make sure you've downloaded and installed Ngrok on your local machine. ngrok will tunnel requests from the Internet to your local computer and terminate the SSL connection from Teams.

Run the app (Using Teams Toolkit for Visual Studio Code)

The simplest way to run this sample in Teams is to use Teams Toolkit for Visual Studio Code.

1. Ensure you have downloaded and installed Visual Studio Code
2. Install the Teams Toolkit extension
3. Select File > Open Folder in VS Code and choose this samples directory from the repo
4. Using the extension, sign in with your Microsoft 365 account where you have permissions to upload custom apps
5. Select Debug > Start Debugging or F5 to run the app in a Teams web client.
6. In the browser that launches, select the Add button to install the app to Teams.

If you do not have permission to upload custom apps (sideloading), Teams Toolkit will recommend creating and using a Microsoft 365 Developer Program account - a free program to get your own dev environment sandbox that includes Teams.

Run the app (Manually Uploading to Teams)

Note these instructions are for running the sample on your local machine, the tunnelling solution is required because the Teams service needs to call into the bot.

1. Setup for Bot SSO

• Refer to Bot SSO Setup document

• Ensure that you've enabled the Teams Channel

• While registering the Azure bot, use https://<your_tunnel_domain>/api/messages as the messaging endpoint.

  NOTE: When you create your app registration in Azure portal, you will create an App ID and App password - make sure you keep these for later.

2. Run ngrok - point to port 3978

   ngrok http 3978 --host-header="localhost:3978"

   Alternatively, you can also use the dev tunnels. Please follow Create and host a dev tunnel and host the tunnel with anonymous user access command as shown below:

   devtunnel host -p 3978 --allow-anonymous

3. Setup for code

• Clone the repository

  git clone https://github.com/OfficeDev/Microsoft-Teams-Samples.git

• In a terminal, navigate to samples/bot-conversation-sso-quickstart/js

• Install modules

  npm install

• Update the .env configuration for the bot to use the Microsoft App Id and App Password from the step 1 (Microsoft Entra ID app registration in Azure portal or from Bot Framework registration. (Note the MicrosoftAppId is the AppId created in step 1, the MicrosoftAppPassword is referred to as the "client secret" in step1 and you can always create a new client secret anytime.) Also, update connectionName as the name of your Azure Bot connection created in step 1.

  • MicrosoftAppType - Set this as MultiTenant to if your bot is supported on multiple tenants, otherwise SingleTenant.
  • MicrosoftAppTenantId - Set your tenantId here if you are using single tenant app registration.

• Run your bot at the command line:

  npm start

4. Setup Manifest for Teams

• This step is specific to Teams.
  • Edit the manifest.json contained in the appManifest/ folder to replace with your MicrosoftAppId (that was created in step1.1 and is the same value of MicrosoftAppId in .env file) everywhere you see the place holder string {MicrosoftAppId} (depending on the scenario the Microsoft App Id may occur multiple times in the manifest.json) <<DOMAIN-NAME>> with base Url domain. E.g. if you are using ngrok it would be https://1234.ngrok-free.app then your domain-name will be 1234.ngrok-free.app and if you are using dev tunnels then your domain will be like: 12345.devtunnels.ms.
  • Zip up the contents of the appManifest/ folder to create a manifest.zip
  • Upload the manifest.zip to Teams (in the left-bottom Apps view, click "Upload a custom app")

Note: If you are facing any issue in your app, please uncomment this line and put your debugger for local debug.

Running the sample

Adding bot UI:

Welcome to teamsBot:

Login command interaction:

View your token:

You can interact with this bot by sending it a message. The bot will respond by asking for your consent, by this consent the Bot will exchange an SSO token, then making a call to the Graph API on your behalf and returning the results. It will keep you loggined unless you send a message "logout".

Further reading

• Bot Framework Documentation
• Bot Basics
• Azure Portal
• Add Authentication to Your Bot Via Azure Bot Service
• Activity processing
• Azure Bot Service Introduction
• Azure Bot Service Documentation
• .NET Core CLI tools
• Azure CLI
• Azure Portal
• Language Understanding using LUIS
• Channels and Bot Connector Service
• Microsoft Teams Developer Platform