You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With Teams AI Library, how to configure OAuth auth with a multi-tenant regional bot service to make the user consent flow work?
Code snippets
// Values from https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=userassigned%2Caadv2%2Ccsharp#prepare-the-bot-code and https://github.com/microsoft/botbuilder-js/issues/4418
let botFrameworkAuthConfig: ConfigurationBotFrameworkAuthenticationOptions = {
BotOpenIdMetadata: "https://login.botframework.com/v1/.well-known/openidconfiguration",
ValidateAuthority: true,
OAuthApiEndpoint: "https://europe.api.botframework.com",
OAuthUrl: "https://europe.api.botframework.com",
ToChannelFromBotOAuthScope: "https://api.botframework.com",
ToBotFromChannelOpenIdMetadataUrl: "https://login.botframework.com/v1/.well-known/openidconfiguration",
ToBotFromEmulatorOpenIdMetadataUrl: "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration",
ToBotFromChannelTokenIssuer: "https://api.botframework.com",
ToChannelFromBotLoginUrl: "https://login.microsoftonline.com/botframework.com",
CallerId: "urn:botframework:azure"
}
const adapter = new TeamsAdapter(
botFrameworkAuthConfig,
new ConfigurationServiceClientCredentialFactory({
MicrosoftAppId: process.env.BOT_ID,
MicrosoftAppPassword: process.env.BOT_PASSWORD,
MicrosoftAppType: 'MultiTenant'
})
);
Reproduction steps
- From the JS b.oauth-bot sample in the 1.6.1 release.
- In the azurebot.bicep file, replace the three 'global' values by 'westeurope'
- In the index.ts file, replace the TeamsAdapter instantiation code by the code above
- Run the app in local environment (registering the app in Entra ID, deploying the regional Bot Service in Azure and running the code locally).
- In Teams, send a message to the bot
- Wait for the consent banner to appear and click on "Continue"
Expected result
The consent dialog should open to allow the user to grant consent to the requested permission (User.Read)
Result
The consent banner disappears but the consent window never appears.
Additional notes
If admin consent has already been granted for this tenant before, the authentication flow works fine with the above config (user consent flow not needed).
Please note that the user consent flow in Teams works well when runing the sample with no modification (global configuration of the bot service bicep file and with an empty object passed in the TeamsAdapter constructor for the botFrameworkAuthConfig property).
The text was updated successfully, but these errors were encountered:
@Benjiiim - Thank you for your inquiry about your Teams app development issue! Could you please provide the sample link you are using so that we can test it on our end?
@Benjiiim - Thank you for your patience! We were able to reproduce the issue in the Web Teams version 1415/24110115713. We have reported this as a bug for further investigation.
We will keep you updated as soon as we receive further information. Thank you for bringing this to our attention!
Question
With Teams AI Library, how to configure OAuth auth with a multi-tenant regional bot service to make the user consent flow work?
Code snippets
Reproduction steps
Expected result
The consent dialog should open to allow the user to grant consent to the requested permission (User.Read)
Result
The consent banner disappears but the consent window never appears.
Additional notes
If admin consent has already been granted for this tenant before, the authentication flow works fine with the above config (user consent flow not needed).
Please note that the user consent flow in Teams works well when runing the sample with no modification (global configuration of the bot service bicep file and with an empty object passed in the TeamsAdapter constructor for the botFrameworkAuthConfig property).
The text was updated successfully, but these errors were encountered: