OAuthPrompt in v4.10.3 + Generic Oauth 2 + IdentityServer = No prompt is shown #4927
Comments
Also, what error message do you get when it doesn't show up?
Hello @jwiley84, I don't know. We don't use that provider. It has too many fields to configure (which also seem to be undocumented) and we don't want to provide support to our customers regarding something as unintuitive as that. Note that "Generic Oauth 2" works fine with an older Microsoft.Bot.Builder.Dialogs.
@jwiley84 no error message. Just doesn't show up (you can try with the sample I mentioned, it's not hard to reproduce).
Any update on this @jwiley84?
Hi @dejancg I'm able to partially reproduce this: that being said, I say partial because I'm not getting the card because I believe my token request is malformed somehow. I am running my bot via command-line and I'm getting the following error: I suspect that this is because the teams auth sample is expecting AAD v2/MSGraph. Are you getting the same error?
@jwiley84 I haven't observed this error. Also, I see your I don't think this is because the teams auth sample is expecting AAD v2 provider. The generic Oauth2 provider works fine when I login from a messaging or action messaging extension. I suspect this has something to do with
In that case, I am unable to repro your issue. This is using 4.10.3. The signin card you see at the top of my screen shot IS the sign in card from the Generic Auth 2 setup, using Twitch.tv as my generic provider. I was able to sign in, though I ran into my blocker after signing in. I dislike being the "have you turned it off and on again" person, but possibly something is wrong with the teams app itself? Have you tried creating a new bot channels registration and re-uploading the app to teams?
Bot Framework reminds me of Windows 95, where if you would eject the CD while it's playing audio, you would get a BSOD. You were probably using the emulator, since you are getting these messages? I will try with the emulator too and see if there is any helpful information. I don't see what could possibly be wrong with the bot channels registration, since the entire sign in process works fine when using any messaging extension. Please take a look at the following code:

```csharp
TokenStatus[] tokenStatusList = null;
try
{
    // Check if the user has a token stored already in the bot framework service.
    tokenStatusList = await botAdapter
        .GetTokenStatusAsync(turnContext, turnContext.Activity.From.Id, oauthConnectionName, cancellationToken).ConfigureAwait(false);
}
catch (Exception ex)
{
    throw;
}
// Get the current relevant connection
var tokenStatus = tokenStatusList?.FirstOrDefault(ts => ts.ConnectionName == oauthConnectionName);
// If token is found, fetch the token for the required resources
if (tokenStatus?.HasToken != null && tokenStatus?.HasToken == true)
{
    var tokenResponseDictionary = await botAdapter.GetAadTokensAsync(turnContext,
        oauthConnectionName,
        new string[] { "myCustomAudience" },
        turnContext.Activity.From.Id,
        cancellationToken).ConfigureAwait(false);
    if (tokenResponseDictionary != null)
    {
        accessToken = tokenResponseDictionary["myCustomAudience"].Token;
    }
}
// If token was not present in the bot framework service, check if we are in the middle of the sign in flow.
// This is done by checking if the request from Teams to the bot service contains a magic code in the "turnContext.Activity.Value.state" property.
// If we are in the middle of the auth flow and magic code is found, fetch the token using the magic code.
dynamic res = turnContext.Activity.Value;
if (string.IsNullOrEmpty(accessToken) && res != null)
{
    var state = res.state;
    if (state != null)
    {
        string stateString = state;
        var tokenResponse = await botAdapter.GetUserTokenAsync(turnContext, oauthConnectionName, stateString, cancellationToken).ConfigureAwait(false);
        if (tokenResponse != null)
        {
            accessToken = tokenResponse.Token;
        }
    }
}
//4. If access token is still empty, this means the user has not signed in to the bot. Send the user a sign-in action.
if (string.IsNullOrEmpty(accessToken))
{
    var oAuthSignInLink = await botAdapter.GetOauthSignInLinkAsync(turnContext, oauthConnectionName, cancellationToken).ConfigureAwait(false);
    return (false, oAuthSignInLink);
}
return (true, accessToken);
```

This is a function which checks whether users are signed in, and if so, retrieves the access token. Else, the function would return the sign-in link. The sign-in link is afterwards displayed to users by using the following code:

```csharp
var composeExtensionResult = new MessagingExtensionResult
{
    Type = "auth",
    SuggestedActions = new MessagingExtensionSuggestedAction
    {
        Actions = new List<CardAction>
        {
            new CardAction
            {
                Type = ActionTypes.OpenUrl,
                Value = signInAddress, // the address returned from the previous method
                Title = title,
            }
        }
    }
};
```

and returned as either

I hope you agree that, if the above procedure works fine, this issue can't be the bot channels registration's fault. What bothers me is that you are not able to reproduce it. Twitch or any other Oauth2 provider, it shouldn't make any difference.
No. It would have been rather silly of me to try to repro a teams issue on emulator as they behave differently. That being said: I used the Teams Auth Sample (https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/csharp_dotnetcore/46.teams-auth) and the Teams channel. Let me attempt a repro using your code and let you know what I get.
Here is the output from VS, if it can be of any help:
It seems it finishes the request with status code 200. Is there a way to inspect the response?
@jwiley84 I have new information. OAuthPrompt works with 4.10 and Generic Oauth2 provider using Github app info. However, here is an interesting thing - I switched to "4.8" branch of BotBuilder-Samples and OAuthPrompt works fine there. So to work around this, I will downgrade my BotBuilder libraries to 4.8 as well, until you guys work this thing out. editing repro steps now
@jwiley84 it seems I made a mistake when configuring the Generic Oauth2 provider after all. BotBuilder 4.10 is probably using the Token Exchange URL which wasn't used by the previous BotBuilder versions. The problem was that I wrongfully set the value of Token Exchange URL to the token endpoint URL, where it had to be left blank. When I cleared the value, since it's an optional field, the OAuthPrompt started to show, even with 4.10. Please accept my apologies for wasting your time on this issue.
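
The misconfiguration identified in the last comment above, expressed as a pre-deployment lint. This is an added example, not part of the original thread or of the Bot Framework code base. The setting keys (`authorization_url`, `token_url`, `token_exchange_url`) and the `idsrv.example` host are assumptions made for the example; the check itself is the one the thread arrives at, that the optional Token Exchange URL must not be a copy of the token endpoint URL.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def canonical(url):
    """Reduce a URL to (scheme, host[:port], path) so that case, a default
    port or a trailing slash cannot hide two spellings of one endpoint."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    if port is not None and port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{port}"
    return scheme, host, parts.path.rstrip("/")


def lint_connection(settings):
    """Return a list of findings for a Generic OAuth 2 connection setting.
    The dictionary keys are hypothetical names for the portal fields."""
    findings = []
    # OAuth 2 authorization and token endpoints must be reached over TLS.
    for key in ("authorization_url", "token_url"):
        if canonical(settings.get(key, ""))[0] != "https":
            findings.append(f"{key}: expected an https URL")
    # The case from the thread: Token Exchange URL filled in with the
    # token endpoint, which stopped the OAuthPrompt from being shown.
    exchange = settings.get("token_exchange_url", "").strip()
    if exchange and canonical(exchange) == canonical(settings.get("token_url", "")):
        findings.append("token_exchange_url: identical to token_url; "
                        "leave this optional field blank")
    return findings


# Constructed sample settings (placeholder host, not taken from the thread).
MISCONFIGURED = {
    "authorization_url": "https://idsrv.example/connect/authorize",
    "token_url": "https://idsrv.example/connect/token",
    "token_exchange_url": "https://IDSRV.example:443/connect/token/",
}
FIXED = dict(MISCONFIGURED, token_exchange_url="")

if __name__ == "__main__":
    for name, cfg in (("misconfigured", MISCONFIGURED), ("fixed", FIXED)):
        print(name, lint_connection(cfg) or "ok")
```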
OAuthPrompt in Microsoft.Bot.Builder.Dialogs v4.10.3 seems to be broken when using the connection name of "Generic Oauth 2" service provider - it is not displayed in Teams dialog with the bot, nor in WebChat.
To Reproduce
your_client_id
your_client_secret
["https://token.botframework.com/.auth/web/redirect"]
false
true
,["openid", "profile"]
,["authorization_code"]
,false
, <-- necessary so Bot services can use it, as Bot services don't seem to support PKCE
TokenUsage.ReUse <-- the Bot services seem unable to handle the one-time refresh tokens
your_client_id
,your_client_secret
,https://<your identity server address>/connect/authorize
,https://<your identity server address>/connect/token
,https://<your identity server address>/connect/token
,openid profile
Screenshots
The configuration of Generic OAuth 2 service provider connection:
![Generic Oauth 2](https://camo.githubusercontent.com/7d45f63e9b916852a4849230d48e3298a65801ff69b038a76679f122f9fccead/68747470733a2f2f64726976652e676f6f676c652e636f6d2f75633f6578706f72743d646f776e6c6f61642669643d316841454e4f653767516630764f4a2d2d344e574136324550584234346a523538)
Additional context
This is the output from VS debugging:
Note that the sign in via this connection name works fine when used with messaging extensions:
Also, if I sign in through the messaging extension first, the OAuthPrompt will correctly retrieve the access token for either requested connection name. Also.... I tried with an older 46.teams-auth sample which used v4.6.2 and it also worked fine.
Pls fix 🥇