Bot Framework v4 skills SSO sample.
This bot has been created using Bot Framework. It shows how to create a simple root bot that sends message activities to a skill bot that echoes them back.
- .NET SDK version 8.0

      # determine dotnet version
      dotnet --version
The solution includes a parent bot (rootBot) and a skill bot (skillBot) and shows how the skill bot can accept OAuth credentials from the root bot, without needing to send its own OAuthPrompt.
This is the general authentication flow:
- Root bot prompts user to authenticate with an OAuth prompt card.
- Authentication succeeds and the user is granted a token.
- User performs an action on the skill bot that requires authentication.
- The skill bot sends an OAuth prompt card to the root bot.
- The root bot intercepts the OAuth prompt card, aware that the user is already authenticated and that the user should authenticate with the skill via SSO.
- Instead of showing the OAuth prompt card to the user, the root bot sends a token exchange request invoke activity along with the token to the skill.
- The skill's OAuth prompt receives the token exchange request and uses the token from the root bot to continue authenticating.
- Clone the repository

      git clone https://github.com/microsoft/botbuilder-samples.git

- Create a bot registration in the Azure portal for the SkillBot and update appsettings.json with the MicrosoftAppId and MicrosoftAppPassword of the new bot registration.
- Update the BotFrameworkSkills section in the RootBot appsettings.json with the app ID for the skill you created in the previous step.
- Create a bot registration in the Azure portal for the RootBot and update appsettings.json with the MicrosoftAppId and MicrosoftAppPassword of the new bot registration.
- Add the RootBot MicrosoftAppId to the AllowedCallers list in the SkillBot appsettings.json.
- Create and configure an OAuth connection for RootBot:
  - Create an Azure Active Directory V2 application for the root bot following the steps described in Create the Azure AD identity for RootBot
  - Open the RootBot registration in the Azure portal, navigate to the Configuration tab and add a new OAuth Connection Settings using the settings of the app you created in the previous step as described in Create an OAuth connection for a root bot
  - Update the RootBot appsettings.json ConnectionName property with the name of the connection you created in the previous step
- Create and configure an OAuth connection for SkillBot:
  - Create an Azure Active Directory V2 application for the skill following the steps described in Create the Azure AD identity for SkillBot
  - Open the SkillBot registration in the Azure portal, navigate to the Configuration tab and add a new OAuth Connection Settings using the settings of the app you created in the previous step as described in Create an OAuth connection for a skill
  - Update the SkillBot appsettings.json ConnectionName property with the name of the connection you created in the previous step
- Open the SkillsSSOCloudAdapter.sln solution and configure it to start debugging with multiple processes
Note: leave the MicrosoftAppType and MicrosoftAppTenantId empty to try this example; see the Implement a skill article for additional information on what authentication types are supported for skills.
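
The AllowedCallers step above is what limits which bots may call the SkillBot and take part in the token exchange. The following C# validator is an added example, not code from the sample: the class name ExplicitCallersValidator is hypothetical, and it assumes the Bot Framework SDK convention that an AllowedCallers entry of "*" means any caller, which this version refuses at startup.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Bot.Connector.Authentication;

// Added example (hypothetical class name), not the sample's own validator.
public class ExplicitCallersValidator : ClaimsValidator
{
    private readonly HashSet<string> _allowedCallers;

    public ExplicitCallersValidator(IEnumerable<string> allowedCallers)
    {
        // Drop blank entries so an unfilled placeholder in appsettings.json matches nothing.
        _allowedCallers = new HashSet<string>(
            (allowedCallers ?? Enumerable.Empty<string>())
                .Where(id => !string.IsNullOrWhiteSpace(id))
                .Select(id => id.Trim()),
            StringComparer.OrdinalIgnoreCase);

        // Fail at startup instead of running a skill that nobody, or anybody, may call.
        if (_allowedCallers.Count == 0)
            throw new ArgumentException("AllowedCallers must list at least one app ID.", nameof(allowedCallers));
        if (_allowedCallers.Contains("*"))
            throw new ArgumentException("Wildcard '*' is not accepted; list the RootBot app ID.", nameof(allowedCallers));
    }

    public override Task ValidateClaimsAsync(IList<Claim> claims)
    {
        // Only requests carrying skill claims (bot-to-bot calls) are checked;
        // other traffic passes through this validator unchanged.
        if (SkillValidation.IsSkillClaim(claims))
        {
            var callerAppId = JwtTokenValidation.GetAppIdFromClaims(claims);
            if (string.IsNullOrEmpty(callerAppId) || !_allowedCallers.Contains(callerAppId))
            {
                throw new UnauthorizedAccessException(
                    $"Caller app ID \"{callerAppId}\" is not in AllowedCallers.");
            }
        }

        return Task.CompletedTask;
    }
}
```

To use it, assign an instance built from the AllowedCallers configuration section to AuthenticationConfiguration.ClaimsValidator in the SkillBot's service registration.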
The Bot Framework Emulator is a desktop application that allows bot developers to test and debug their bots on localhost or running remotely through a tunnel.
- Install the Bot Framework Emulator version 4.14.0 or greater from here
- Launch Bot Framework Emulator
- File -> Open Bot.
- Enter a Bot URL of http://localhost:3978/api/messages, the MicrosoftAppId and MicrosoftAppPassword for the RootBot.
- Click Connect.
- Follow the prompts to initiate the token exchange between the SkillBot and RootBot, resulting in a valid token displayed.
To learn more about deploying a bot to Azure, see Deploy your bot to Azure for a complete list of deployment instructions.