Azure bot interacting with authenticated messaging endpoint - azure

I am developing an Azure bot for Microsoft Teams, using Azure Bot Service with the Bot registration channel setup. The messaging endpoint is an App Service that is authenticated with AAD login. Could someone please help me understand how to call this authenticated endpoint from a bot? Currently, I am testing it on Webchat and I get a 401 Unauthorized error. I tried configuring the OAuth setting in the bot as per this, but I am still getting 401.
Could someone please point to any concepts and documentation required here.

There is no need to enable the App service Authentication. Just follow this article to add authentication to your bot via Azure Bot service. Then logon is required when you use the bot.
Reference:
Azure AD integration with Bot Framework / teams

Microsoft Teams behaves somewhat differently than other channels in regards to OAuth and requires a few changes to properly implement authentication. Specifically an Invoke Activity is sent to the bot rather than the Event Activity used by other channels. This Invoke Activity must be forwarded to the dialog if the OAuthPrompt is being used. This is done by subclassing the TeamsActivityHandler and implementing handleTeamsSigninVerifyState. It is best advised to make use of the 46.teams-auth sample to set up OAuth in Teams.
Hope this helps.

Related

Teams Bot Authenticate with Teams Current User

I am working on a Teams bot in Node.js. I need to authenticate the user who invokes the message and get their access token to access the web API, which uses the same AAD. Can anyone help me with this?
The Microsoft Graph Azure AD API should help you with managing Azure AD login and tokens.
You can also take a look at Authentication in bots for an overview of how auth works in the Bot Framework as well as related docs on setting up SSO.

GET JWT Bearer token for Azure Web PubSub Rest API to authenticate

I am working on a project, in which I am building a publish-subscribe system through Azure Web PubSub Service. The JavaScript clients (subscribers) are connected through socket and able to receive the published message on the Hub and in the Group. For this I followed this tutorial: https://learn.microsoft.com/en-us/azure/azure-web-pubsub/tutorial-pub-sub-messages?tabs=javascript
Everything is working fine, as I am in the POC phase yet. So currently I am publishing messages through JavaScript from above tutorial. But now I am starting to integrate it in my existing app which is developed in PHP. So I am thinking to use following Azure REST API for Web PubSub operation: https://learn.microsoft.com/en-us/rest/api/webpubsub/dataplane/web-pub-sub
Before this I worked on the Azure Graph APIs, for which I did an App Registration in the Azure Portal with some Redirect URLs and assigned some permissions to access the resources. I did this for Outlook Mail, Overdrive and SharePoint, and it's a very straightforward process to get the access token (JWT) to access the resources.
But I am stuck and unable to get the access token for Azure Web PubSub API. I need token to just Publish a message from PHP end by REST API. I checked in App Registration's > API permissions section, there is no permission for the Azure Web PubSub Service. I checked the same app in Enterprise application also. Did some hit and try, but didn't get the access token. I know the issue is with the permission.
Please help me to get the token for this, so I can call the Web PubSub API, or if I am missing something please help me to trace it. Any suggestions are welcome.
Thanks.
I think you can make use of the following REST API endpoints:
Web Pub Sub - Grant Permission
https://learn.microsoft.com/en-us/rest/api/webpubsub/dataplane/web-pub-sub/grant-permission#webpubsubpermission
Web Pub Sub - Generate Client Token
https://learn.microsoft.com/en-us/rest/api/webpubsub/dataplane/web-pub-sub/generate-client-token

Any other ways to log in users in a bot besides using sign-in cards?

I have gone through this doc:
https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0
I can understand we can sign in users using sign in cards.
But are there any other ways to sign in Azure AD users instead of using the bot's internal login process?
I am using azure web chat client and .net core to code my bot. Any assistance is appreciated.
If you use a custom WebChat channel, you can auth users first on the web page and then use tokens based on your bot business logic. For details, you can refer to this demo.
What's more, though it is not recommended, the Azure AD ROPC flow will work for all channels, using the Azure AD REST API or an Azure AD SDK to authenticate users. This flow requires your users to enter their usernames and passwords while your bot is interacting with them, which carries risks that are not present in other flows. You should only use this flow when other more secure flows can't be used.
Hope it helps.

What are the Microsoft app ID and password used for?

I am trying to deploy my Azure Bot Service but I am kinda struggling to understand what the Microsoft app ID and password are used for. Can someone explain these terms to me?
I was trying to find the answers online but unsuccessfully.
Thank you for any help.
This is the identity of the Bot Service.
You will notice in the App registrations of Azure Active Directory (AAD) that your Bot Service is in there. This is to give you the ability to Authenticate, Authorize and Audit (AAA) the Bot Service.
For example, you may want to provide access for your Bot Service to other services in your subscription, or other subscriptions also using the same AAD.
And so, the app has a set of credentials which it can use. The concept is similar to Managed Service Accounts in Windows Server.
The Microsoft app ID and Password are used to register the bot with the Azure Bot Service.
After you register it, those credentials will be used by the bot connector to authenticate the calls to your Bot's service and allow you to configure the bot with the different available channels.
Bot security is configured by the Microsoft App ID and Microsoft App Password that you obtain when you register your bot with the Bot Framework. These values are typically specified within the bot's configuration file and used to retrieve access tokens from the Microsoft Account service.
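An added example (not part of the original answers, and not Bot Framework SDK code) of the check described above: the bot endpoint accepts a call only when its bearer token is a JWT signed by the Bot Connector, issued by `https://api.botframework.com`, with the bot's Microsoft App ID as audience. The key pairs and the app ID are constructed stand-ins for the connector's published signing keys and a real registration; in a real bot the SDK adapter performs this validation.

```javascript
const crypto = require('node:crypto');
const BOT_ISSUER = 'https://api.botframework.com'; // issuer of Bot Connector tokens
const APP_ID = '00000000-0000-0000-0000-000000000000'; // placeholder Microsoft App ID
const b64u = (v) => Buffer.from(v).toString('base64url');

// Helper for the demo only: mint an RS256 JWT with a locally generated key.
function signJwt(claims, privateKey) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Signature first, then issuer, audience and validity window (5 min clock skew).
function validateConnectorToken(authHeader, appId, publicKey, now = Date.now() / 1000) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) return { ok: false, reason: 'missing or malformed bearer token' };
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString()) || {};
    claims = JSON.parse(Buffer.from(body, 'base64url').toString()) || {};
  } catch (e) { return { ok: false, reason: 'undecodable token' }; }
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('sha256', signed, publicKey, Buffer.from(sig, 'base64url')))
    return { ok: false, reason: 'bad signature' };
  if (claims.iss !== BOT_ISSUER) return { ok: false, reason: 'wrong issuer' };
  if (claims.aud !== appId) return { ok: false, reason: 'wrong audience' };
  if (!(claims.nbf - 300 <= now && now <= claims.exp + 300))
    return { ok: false, reason: 'expired or not yet valid' };
  return { ok: true, reason: 'accepted' };
}

// Constructed tokens: one as the connector would send it, three that must fail.
function demo() {
  const connector = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const stranger = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const t = Math.floor(Date.now() / 1000);
  const claims = { iss: BOT_ISSUER, aud: APP_ID, nbf: t - 10, exp: t + 600 };
  const check = (c, key) => validateConnectorToken(
    `Bearer ${signJwt(c, key)}`, APP_ID, connector.publicKey).reason;
  return {
    connector: check(claims, connector.privateKey),
    wrongAudience: check({ ...claims, aud: 'some-other-app' }, connector.privateKey),
    otherSigner: check(claims, stranger.privateKey),
    noHeader: validateConnectorToken(undefined, APP_ID, connector.publicKey).reason,
  };
}
console.log(demo());
```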

How to access the bot framework in my app?

I have started to check the LUIS from yesterday. I am really confused to use it.
Now, I have successfully created the LUIS app and I also have published it to the BOT framework. And I can communicate with the BOT in Azure -> BOT -> BOT Management -> Test in Web Chat.
Now, I want to create my app and access to the BOT in the Azure. Is there any SDK to connect to the BOT?
I know the endpoint "***endpoint/api/messages". How can I process some authentication to use it?
want to create my app and access to the BOT in the Azure
If you’d like to embed your bot in a web application, the easiest way is to use the Web Chat channel to enable users to communicate with your bot in websites. For more information, please check:
Embed a bot in a website
Microsoft Bot Framework Web Chat
Besides, if your client app does not support web chat, you can also enable communication between your bot and your own client application by using the Direct Line API.
How can I process some authentication to use it?
This article is about bot authentication, please refer to it.
