Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Dev support] [JS]: Oauth consent flow not working with regional bot service #2186

Open
Benjiiim opened this issue Nov 15, 2024 · 5 comments
Labels
dev support Dev support tracking

Comments

@Benjiiim
Copy link
Contributor

Benjiiim commented Nov 15, 2024

Question

With Teams AI Library, how to configure OAuth auth with a multi-tenant regional bot service to make the user consent flow work?

Code snippets

// Values from https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=userassigned%2Caadv2%2Ccsharp#prepare-the-bot-code and https://github.com/microsoft/botbuilder-js/issues/4418

let botFrameworkAuthConfig: ConfigurationBotFrameworkAuthenticationOptions = {
    BotOpenIdMetadata: "https://login.botframework.com/v1/.well-known/openidconfiguration",
    ValidateAuthority: true,
    OAuthApiEndpoint: "https://europe.api.botframework.com",
    OAuthUrl: "https://europe.api.botframework.com",
    ToChannelFromBotOAuthScope: "https://api.botframework.com",
    ToBotFromChannelOpenIdMetadataUrl: "https://login.botframework.com/v1/.well-known/openidconfiguration",
    ToBotFromEmulatorOpenIdMetadataUrl: "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration",
    ToBotFromChannelTokenIssuer: "https://api.botframework.com",
    ToChannelFromBotLoginUrl: "https://login.microsoftonline.com/botframework.com",
    CallerId: "urn:botframework:azure"
  }

const adapter = new TeamsAdapter(
    botFrameworkAuthConfig,
    new ConfigurationServiceClientCredentialFactory({
        MicrosoftAppId: process.env.BOT_ID,
        MicrosoftAppPassword: process.env.BOT_PASSWORD,
        MicrosoftAppType: 'MultiTenant'
    })
);

Reproduction steps

- From the JS b.oauth-bot sample in the 1.6.1 release.
- In the azurebot.bicep file, replace the three 'global' values by 'westeurope'
- In the index.ts file, replace the TeamsAdapter instantiation code by the code above
- Run the app in local environment (registering the app in Entra ID, deploying the regional Bot Service in Azure and running the code locally).
- In Teams, send a message to the bot
- Wait for the consent banner to appear and click on "Continue"

Expected result

The consent dialog should open to allow the user to grant consent to the requested permission (User.Read)

Result

The consent banner disappears but the consent window never appears.

Additional notes

If admin consent has already been granted for this tenant before, the authentication flow works fine with the above config (user consent flow not needed).

Please note that the user consent flow in Teams works well when runing the sample with no modification (global configuration of the bot service bicep file and with an empty object passed in the TeamsAdapter constructor for the botFrameworkAuthConfig property).

@Benjiiim Benjiiim added the dev support Dev support tracking label Nov 15, 2024
@Nivedipa-MSFT
Copy link

Nivedipa-MSFT commented Nov 18, 2024

@Benjiiim - Thank you for your inquiry about your Teams app development issue! Could you please provide the sample link you are using so that we can test it on our end?

@Nivedipa-MSFT
Copy link

@Benjiiim - Could you kindly share the sample link you are testing, so we can investigate it on our end?

@Benjiiim
Copy link
Contributor Author

@Nivedipa-MSFT > b.oauth-bot

@Nivedipa-MSFT
Copy link

Nivedipa-MSFT commented Nov 20, 2024

@Benjiiim - Thank you for your patience! We were able to reproduce the issue in the Web Teams version 1415/24110115713. We have reported this as a bug for further investigation.

We will keep you updated as soon as we receive further information. Thank you for bringing this to our attention!

@Benjiiim
Copy link
Contributor Author

Benjiiim commented Dec 3, 2024

Hello @Nivedipa-MSFT - Have you been able to get some updates on this one? Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dev support Dev support tracking
Projects
None yet
Development

No branches or pull requests

2 participants