[AuthBot] add authentication to azure bot web app - azure

I'm trying to add some authentication to my bot. I followed this article link to do it and I used the AuthBot sample to test it:
1. Created the Azure identity provider
2. Created the connection in the Azure bot app service for the Azure Active Directory v2 provider
3. Ran the bot and tested it
It worked fine, and when I tried to use it for the first time it redirected me to this page.
I want to allow the user to request access approval, and I followed this doc link,
but nothing changed and the bot still redirects me to this page.
Is there something missing?

You need to grant admin consent!

Related

OauthPrompt is not working inside of teams, works fine in emulator and in 'Test in Web chat'

We are trying to authenticate users with Azure AD V2 so we can use their tokens to make API calls to graph API. We are following the sample number 46 in https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/javascript_nodejs/46.teams-auth.
OauthPrompt is not working inside of Teams, works fine in Bot Framework Emulator and in 'Test in Web chat'. Inside of Teams app and in Teams' web app, the bot does not prompt the user with a sign-in button.
Please follow this Add authentication to your Teams bot.
Important steps to keep in mind while following the doc:
Create the Azure AD identity provider
Register the Azure AD v2 identity provider with the bot.

Live SDK Application - Unable to Complete Request?

I have my website integrated with Live SDK applications to allow customers to login to their MSN, Hotmail, Outlook, etc. email accounts and invite friends to my website by reading the contacts. This used to work properly but now it's not working anymore.
When I use the App ID / Client ID from the old Application Registration Portal (https://apps.dev.microsoft.com) I get the following message when I try to login using my Microsoft account.
invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.
I see from the Application Registration Portal that I can now use Azure to manage my App Registrations, so I basically setup the same app under Azure with the following criteria.
Authentication: Selected Web and setup the same Redirect URI I was using previously when this was working.
API Permissions: I added "Microsoft Graph" with email, Contacts.Read, openid, profile, and User.Read.
And when I try to login to my Microsoft account using my Azure app Client ID / App ID I get the following message.
unauthorized_client: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.
Should I try making this work using Azure instead of Application Registration Portal credentials? If so, why is it saying "unauthorized_client" when I try to login?
Thank you!
Register your Azure AD app as Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).

How to make Azure AD authentication work outside localhost

I created a blazor server app like this:
That works fine on my local machine. However, when deploying the website to azure I get the following error message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application
In the Azure portal I navigated to the enterprise application that was automatically created during the project creation in Visual Studio. However, the "Homepage URL" is read-only.
How can I make this work?
Method 1:
Instead of the Enterprise application, go to App registrations and click on Authentication under the Manage group; in the Authentication menu you can specify the redirect URL.
Method 2:
You can modify application manifest for redirect URL and save it after modification.
Considering the AAD application was created using your own account, you should be the owner of this application and be able to modify it.
Let me know for any question, happy to help!

Cannot authenticate Azure Bot with AAD (bot sdk 4)

I tried the tutorial on the official site and followed all the steps. If I test the Azure bot service from the Azure portal, it asks for sign-in and gives me an access token. But when I'm trying from the Bot Emulator, the request URL for login seems odd.
If I click confirm, it signs me in directly without redirecting to the Azure login page and shows me the following.
This does not look like an access token. Am I missing something here?
Btw, I just changed the appsettings.json file from the tutorial with my app id and secrets. Nothing else is changed. I've also made the service principal and granted permission. So there should not be any problem. I am just getting started with Azure bot service. So any advice will be appreciated :)
Could you please check whether you configured ngrok for your Bot Emulator?
I got the same issue on my side if I remove the ngrok setting in my Bot Emulator. Maybe it caused some network issues while the Bot Emulator was communicating with the Azure platform.
You can download it from the previous link and configure it in your Bot Emulator here:
Hope it helps :)

Authentication to your bot via Azure Bot Service

Unable to authorize multiple users for a bot within the same organization using Azure AD authentication.
Following are the steps we tried.
1. Created an Office 365 organization, so as to be the admin of the Azure AD.
2. Registered the Azure AD app through App registrations on Azure in the same org, and then assigned the permissions to the app to read emails and calendar, by following the URL - https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=csharp%2Cbot-msgraph-auth
3. Then created the web app bot under Azure.
4. Then under the [OAuth Connection Settings] of the bot added the Azure AD app details, first added as Azure AD V1.0 as per the recommendation in the Microsoft URL.
5. Used the standard template code of the project - BotAuthenticationMSGraph from the GitHub sample code repository - https://github.com/microsoft/BotBuilder-Samples/tree/master/samples/csharp_dotnetcore
6. In the sample code, we just need to edit the appsettings.json file to add the [ConnectionName, MicrosoftAppId, MicrosoftAppPassword].
7. Then published the local bot code to the app service of the web app bot on Azure.
8. Tested the bot auth in [Test in Web Chat] on Azure -- it works for my Azure AD.
9. Then enabled the Direct Line channel for the bot and distributed the bot to other users of the same organization.
The issue is here - when the other user opens the bot, they can see the emails and calendar of the admin user who logged in initially. Only when the other user logs off and logs in through his AD credential are his emails and calendar data available from then on.
Issue - So, at a given point in time only one user's O365 data is visible globally in the bot chat, and not the data of the individual user who logs in for that session. The AD token is not per user session; instead it is a universal token across all the conversations.
When I use Azure AD V2, I get a bad request while trying to login.
Please help. Thanks.
https://github.com/microsoft/BotBuilder-Samples/tree/master/samples/csharp_dotnetcore
Used the BotAuthenticationMSGraph project.
Expected is, every user should be able to log in individually, and only his data should be visible in the bot conversation distinctly.
I have tested the sample code and it works fine for both Azure AD V1 and V2.
I followed Azure AD v2 to configure it. Don't forget to enter Mail.Read Mail.Send openid profile User.Read User.ReadBasic.All for Scopes. It's different from Azure AD V1. Otherwise, it will return 400 bad request while trying to login.
I didn't reproduce the first issue. Could you tell where the other user opens the bot? From "Test in Web Chat"?
Update
You need to be aware that you are dealing with two user identities:
1. The user's identity in a channel.
2. The user's identity in an identity provider that the bot is interested in.
See Security considerations. When a bot asks user A in a channel to sign in to an identity provider P, the sign-in process must assure that user A is the one that signs into P. If another user B is allowed to sign in, then user A would have access to user B's resource through the bot.
To enable the protection, you need to configure trusted origins and tamper-proof user IDs.
You can refer to the sample code.
And this blog Using WebChat with Azure Bot Service's Authentication provides more detailed information.
