How to add SSO to an azure bot on microsoft teams - azure-active-directory

Followed steps documented to enable bot sso
Created a bot.
Added Microsoft Teams under Channels.
Under Configuration added the messaging endpoint. e.g. (https://myproxy.proxyapp.com/teams/app/activity).
Generated a client secret for the Microsoft app id.
Added "https://token.botframework.com/.auth/web/redirect" as the Redirect URI for Web platform under Authentication for my Microsoft App.
Under API Permissions for my Microsoft App added "email offline_access openid profile". "User.Read" was available by default.
Under Expose an API added "api://botid-{Microsoft app id}". Added scope "access_as_user". Added web (1fec8e78-bce4-4aaf-ab1b-5451cc387264) and desktop (5e3ce6c0-2b1f-4285-8d4b-75ee78787346) client applications.
In the Manifest file for my Microsoft app updated "accessTokenAcceptedVersion": 2.
For my bot added an OAuth Connection as below
Created an app on Microsoft Teams and associated my Microsoft App Id as the bot id. Attached is the manifest for my Microsoft Teams app.
When I install this app to Microsoft Teams the bot is shown in the chat tab which is expected. Further the document says as a 1st step
"The bot sends a message with an OAuthCard that contains the tokenExchangeResource property.". How can I achieve this?
When I type "Hi" for the very 1st time on the bot I receive the below JSON at my messaging endpoint
{
"text": "hi",
"textFormat": "plain",
"attachments": [
{
"contentType": "text/html",
"content": "<div>hi</div>"
}
],
"type": "message",
"timestamp": "2021-10-05T18:27:21.5454867Z",
"localTimestamp": "2021-10-05T23:57:21.5454867+05:30",
"id": "1633458441515",
"channelId": "msteams",
"serviceUrl": "https://smba.trafficmanager.net/in/",
"from": {
"id": "29:1kR5UGDG5iTFhsVadKAadeYuzsLEhMYK_YFxb7_Y62nAilJVLIMiPtC8oLrGGyK7wZTaFc8-jlVxJq3q0bpoBMw",
"name": "Ashish Sood",
"aadObjectId": "3836************************be046"
},
"conversation": {
"conversationType": "personal",
"tenantId": "1734*************************bb8ecf",
"id": "a:1xMOdsbv02hfl2J4GUGA7-WemaLGCOxFlzsSNcQ9StjIMAAKn64tJ0zxKk25b02NMTl3rc7nbNffMZGXVYfraNIDKnptC01oeLRv7Ngh2WMCyOrmBT2KaDleQXSU2s4MY"
},
"recipient": {
"id": "28:18c9**********************02b9",
"name": "NOW_Virtual_Agent_SSO_Bot"
},
"entities": [
{
"locale": "en-GB",
"country": "GB",
"platform": "Mac",
"timezone": "Asia/Calcutta",
"type": "clientInfo"
}
],
"channelData": {
"tenant": {
"id": "1734************************b8ecf"
}
},
"locale": "en-GB",
"localTimezone": "Asia/Calcutta"
}
How do I use this JSON to complete the 6 steps mentioned at add sso authentication?
Microsoft Teams App manifest.json
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.11/MicrosoftTeams.schema.json",
"manifestVersion": "1.11",
"version": "1.0.0",
"id": "9a83***************************177d",
"packageName": "com.microsoft.teams.devapp",
"developer": {
"name": "SSO Bot App",
"websiteUrl": "https://www.teams.com",
"privacyUrl": "https://www.teams.com/privacy",
"termsOfUseUrl": "https://www.teams.com/termsofuse"
},
"icons": {
"color": "color.png",
"outline": "outline.png"
},
"name": {
"short": "SSO Bot App",
"full": "SSO Bot App"
},
"description": {
"short": "SSO Bot App",
"full": "SSO Bot App"
},
"accentColor": "#FFFFFF",
"staticTabs": [
{
"entityId": "conversations",
"scopes": [
"personal"
]
},
{
"entityId": "about",
"scopes": [
"personal"
]
}
],
"bots": [
{
"botId": "18c9**********************02b9",
"scopes": [
"personal"
],
"supportsFiles": true,
"isNotificationOnly": false
}
],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"token.botframework.com"
],
"webApplicationInfo": {
"id": "18c9**********************02b9",
"resource": "api://botid-18c9**********************02b9"
}
}

We ran into the same issue and spit through the nodejs/.net bot framework code to find what JSON is exactly sent for an OAuth card. We ended up with the following JSON:
{
"attachments": [
{
"content": {
"connectionName": "<name of your sso oauth connection>",
"text": "<some text, is not shown>",
"tokenExchangeResource": {
"id": "<some random id, for validation in invoke request>"
}
},
"contentType": "application/vnd.microsoft.card.oauth"
}
],
"channelId": "msteams",
"conversation": {
"id": "<conversation ID>"
},
"from": {
"id": "<your conversation bot id>"
},
"recipient": {
"id": "<conversation user id>"
},
"serviceUrl": "<service URL of conversation>",
"type": "message"
}
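One way to produce that OAuthCard reply from the incoming "hi" activity and to check the id when the client answers, as an added example that is not part of the original posts. Assumptions: the incoming sample is constructed with placeholder ids, PENDING is a hypothetical in-memory store, and the reply route and the "signin/tokenExchange" invoke shape (the id echoed in value.id) follow the Bot Framework conventions rather than anything shown on this page.

```python
import hmac
import secrets
from urllib.parse import quote

# Constructed incoming activity: only the fields of the "hi" message that the reply needs.
INCOMING = {
    "type": "message",
    "channelId": "msteams",
    "serviceUrl": "https://smba.trafficmanager.net/in/",
    "from": {"id": "29:user-id-placeholder"},
    "conversation": {"id": "a:conversation-id-placeholder"},
    "recipient": {"id": "28:bot-id-placeholder"},
}

PENDING = {}  # hypothetical store: conversation id -> tokenExchangeResource id issued for it


def build_oauth_card(incoming, connection_name):
    """Return (url, activity) for the OAuthCard message answering `incoming`."""
    conversation_id = incoming["conversation"]["id"]
    exchange_id = secrets.token_urlsafe(16)  # unpredictable, so it cannot be guessed
    PENDING[conversation_id] = exchange_id
    activity = {
        "type": "message",
        "channelId": incoming["channelId"],
        "serviceUrl": incoming["serviceUrl"],
        "conversation": {"id": conversation_id},
        "from": {"id": incoming["recipient"]["id"]},  # the bot is now the sender
        "recipient": {"id": incoming["from"]["id"]},  # the user who wrote "hi"
        "attachments": [{
            "contentType": "application/vnd.microsoft.card.oauth",
            "content": {
                "connectionName": connection_name,
                "text": "Sign in",
                "tokenExchangeResource": {"id": exchange_id},
            },
        }],
    }
    # Assumption: Bot Connector "send to conversation" route, POSTed with the bot's bearer token.
    url = "%s/v3/conversations/%s/activities" % (
        incoming["serviceUrl"].rstrip("/"), quote(conversation_id, safe=""))
    return url, activity


def accept_token_exchange(invoke):
    """True only if the invoke echoes the id issued for this conversation (single use)."""
    if invoke.get("type") != "invoke" or invoke.get("name") != "signin/tokenExchange":
        return False
    # pop() consumes the pending id, so a replayed or wrong invoke cannot be retried.
    issued = PENDING.pop(invoke.get("conversation", {}).get("id"), None)
    echoed = (invoke.get("value") or {}).get("id")
    if not isinstance(issued, str) or not isinstance(echoed, str):
        return False
    return hmac.compare_digest(issued.encode(), echoed.encode())
```

The returned activity is what gets POSTed to the returned URL; the token carried in the invoke's value is only used after accept_token_exchange returns True.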

Related

Google Smart Home can't recognize "action.devices.commands.TimerStart" command

I'm integrating my sprinkler product with Google Smart Home. Everything works except that the "action.devices.commands.TimerStart" command cannot be recognized by Google smart home.
Below is my SYNC response:
"body": {
"requestId": "12486236378229063564",
"payload": {
"agentUserId": "Oliver",
"devices": [
{
"id": "AAAA-BBBB-CCCC-DDDD",
"type": "action.devices.types.SPRINKLER",
"traits": [
"action.devices.traits.Timer",
"action.devices.traits.StartStop"
],
"name": {
"name": "Front yard"
},
"willReportState": true,
"deviceInfo": {
"manufacturer": "ABC company",
"model": "ABC",
"hwVersion": "3.2",
"swVersion": "11.4"
},
"attributes": {
"maxTimerLimitSec": 86399
}
}
]
}
}
Below is the QUERY response:
"body": {
"requestId": "7683156339707030974",
"payload": {
"devices": {
"AAAA-BBBB-CCCC-DDDD": {
"status": "SUCCESS",
"online": true,
"isRunning": false,
"timerRemainingSec": -1
}
}
}
}
When I type or speak "Start Front yard" on Google home app, my backend server receives the following command, which is correct.
"payload": {
"commands": [
{
"devices": [
{
"id": "AAAA-BBBB-CCCC-DDDD"
}
],
"execution": [
{
"command": "action.devices.commands.StartStop",
"params": {
"start": true
}
}
]
}
]
}
But when I type or speak "Run Front yard for five minutes" on Google home app, my backend server still receives the same command (action.devices.commands.StartStop) as the above. What I expect to receive is "action.devices.commands.TimerStart" command. Can anyone pls help point out what I'm doing wrong?
I expect to receive the "action.devices.commands.TimerStart" instead of the "action.devices.commands.StartStop" command after typing or speaking "Run Front yard for five minutes" on Google smart home.

Custom policy does not maintain previous values on properties array

I am creating a custom policy following this documentation.
I created one, and it is working. The JSON schema for the policy is shown below:
{
"title": "ACME Custom Basic Auth Policy",
"description": "Basic Authentication policy which enforces security according with custom consumer credentials",
"type": "object",
"properties": {
"users": {
"title": "users",
"type": "array",
"items": {
"type": "object",
"required": [
"username",
"password"
],
"properties": {
"username": {
"title": "User Name",
"type": "string",
"default": []
},
"password": {
"title": "User Password",
"type": "string",
"@context": {
"@characteristics": [
"security:sensitive"
]
}
}
}
},
"minItems": 1
}
},
"@context": {
"@vocab": "anypoint://vocabulary/policy.yaml#",
"security": "anypoint://vocabulary/policy.yaml#"
},
"$id": "allow-dynamic-resources",
"$schema": "https://json-schema.org/draft/2019-09/schema"
}
When I go to API Manager, I can configure the values on first attempt, but when I go back to change the values, they do not appear.
This happens only when I configure an array. If I configure as an object, it works. How can I fix this?

Alexa home skill v3 ToggleController skill fails to find devices

I'm trying to use the Alexa Smart Home Skill ToggleController v3 interface to build a skill that will open and close my gate. I read the docs, and successfully implemented the sample light bulb tutorial from end to end. https://developer.amazon.com/en-US/docs/alexa/smarthome/smart-home-skill-tutorial.html
Everything worked fine. Then I created a new skill and tried to implement the ToggleController interface, mapping ON and OFF to Open and Close using semantics.
Account linking works fine
Lambda gets called with discover directive when I enable the skill on my Alexa app
There are no errors in CloudWatch
Alexa Simulator calls the right directives and receives responses with no errors
Schema validates successfully
When I click discover devices, I get "No new devices found".
I checked all devices in the Alexa app and my device is not there.
Below is the discovery response message that my lambda returns - (from CloudWatch).
Does anyone know what I'm doing wrong?
{
"event": {
"header": {
"namespace": "Alexa.Discovery",
"name": "Discover.Response",
"messageId": "fedfbae4-0ec8-4b4e-81d1-c998bc0ee860",
"payloadVersion": "3"
},
"payload": {
"endpoints": [
{
"endpointId": "pleasant-view-gate",
"manufacturerName": "Ancient Geeks",
"description": "Smart Gate at Pleasant View Cottage",
"friendlyName": "Pleasant Gate",
"displayCategories": [
"OTHER"
],
"capabilities": [
{
"type": "AlexaInterface",
"interface": "Alexa.ToggleController",
"instance": "PleasantView.Gate",
"version": "3",
"properties": {
"supported": [
{
"name": "toggleState"
}
],
"proactivelyReported": false,
"retrievable": true
},
"capabilityResources": {
"friendlyNames": [
{
"@type": "text",
"value": {
"text": "Gate",
"locale": "en-US"
}
}
]
},
"semantics": {
"actionMappings": [
{
"@type": "ActionsToDirective",
"actions": [
"Alexa.Actions.Close"
],
"directive": {
"name": "TurnOff",
"payload": {}
}
},
{
"@type": "ActionsToDirective",
"actions": [
"Alexa.Actions.Open"
],
"directive": {
"name": "TurnOn",
"payload": {}
}
}
],
"stateMappings": [
{
"@type": "StatesToValue",
"states": [
"Alexa.States.Closed"
],
"value": "OFF"
},
{
"@type": "StatesToValue",
"states": [
"Alexa.States.Open"
],
"value": "ON"
}
]
}
},
{
"type": "AlexaInterface",
"interface": "Alexa",
"version": "3"
},
{
"type": "AlexaInterface",
"interface": "Alexa.EndpointHealth",
"version": "3",
"properties": {
"supported": [
{
"name": "connectivity"
}
],
"proactivelyReported": false,
"retrievable": true
}
}
]
}
]
}
}
}

Create SQL Server via Azure Resource Manager (ARM) template

I am trying to create a new Azure instance of SQL Server in which I would like to then create a few new databases.
I know from the Azure Portal that some sort of admin users could be:
an SA user (I think this means "Server Admin" and it looks like some sort of old way of managing a SQL Server instance, but at the same time very "basic" and proved to work)
an Active Directory user (not sure about Azure terminology here, but it looks like this could be some "broad user" for the whole Azure platform, like e.g. my own login user for the Azure Portal, this is not specific to databases world).
I would like to create a SQL Server with a SA user to administer the server. From the Azure portal I can not find a way to generate an ARM template for a SA user for the SQL Server instance.
I am copy pasting from a 10000 lines ARM template for a very long list of SQL servers and databases but I am not able to isolate the basic steps to have a hopefully clean and short ARM template to start with.
This is the ARM template I am trying to deploy on Azure:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "westeurope"
},
"foo_sql_server_name": {
"defaultValue": "foo-sql-server",
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.Sql/servers",
"kind": "v12.0",
"name": "[parameters('foo_sql_server_name')]",
"apiVersion": "2015-05-01-preview",
"location": "[parameters('location')]",
"scale": null,
"properties": {
"administratorLogin": "<MY_SA_USER_THAT_I_CAN_NOT_CREATE>",
"version": "12.0"
},
"dependsOn": []
}
]
}
When running the above with:
az group deployment create \
--name "deployDBs" \
--resource-group "MyCustomResourceGroup" \
--template-file ./templates/db.json # --verbose --debug
Then I get the following error message:
Deployment failed. Correlation ID: <A_CUSTOM_GUID>. {
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "InvalidParameterValue",
"message": "Invalid value given for parameter Password. Specify a valid parameter value."
}
]
}
}
When removing the JSON field administratorLogin (because hopefully I could create the SA user somehow somewhere else that I yet have to figure out), then I get the following error message:
Deployment failed. Correlation ID: <ANOTHER_CUSTOM_GUID>. {
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "InvalidParameterValue",
"message": "Invalid value given for parameter Login. Specify a valid parameter value."
}
]
}
}
I am not able to find the definition for the pair "username password" for the SA user (Server Admin) from the 10000 lines auto-generated ARM template.
How could I create/inject a SA user for the SQL Server while deploying a new instance of a SQL Server?
The sa login you use on an on-premises SQL Server instance is known on Azure SQL as the Admin login. You can provide the name of the admin login and its password as parameters, as shown in the sample template below:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"yourservernameName": {
"type": "string",
"defaultValue": "yourservername2"
},
"yourservernameAdminLogin": {
"type": "string",
"defaultValue": "VeryWiseAdmin",
"minLength": 1
},
"yourservernameAdminLoginPassword": {
"type": "securestring",
"defaultValue": "ReplaceWithTheMostSecurePasswordThatEverExisted&NeverShareLikeThisWithAnyone!"
},
"dbnameName": {
"type": "string",
"defaultValue": "dbname",
"minLength": 1
},
"dbnameCollation": {
"type": "string",
"minLength": 1,
"defaultValue": "SQL_Latin1_General_CP1_CI_AS"
},
"dbnameEdition": {
"type": "string",
"defaultValue": "Basic"
},
"dbnameRequestedServiceObjectiveName": {
"type": "string",
"defaultValue": "Basic"
}
},
"variables": {
},
"resources": [
{
"name": "[parameters('yourservernameName')]",
"type": "Microsoft.Sql/servers",
"location": "West Europe",
"apiVersion": "2014-04-01-preview",
"dependsOn": [],
"tags": {
"displayName": "yourservername"
},
"properties": {
"administratorLogin": "[parameters('yourservernameAdminLogin')]",
"administratorLoginPassword": "[parameters('yourservernameAdminLoginPassword')]",
"version": "12.0"
},
"resources": [
{
"name": "[concat(parameters('yourservernameName'),'/AllowAllWindowsAzureIps')]",
"type": "Microsoft.Sql/servers/firewallRules",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('yourservernameName'))]"
],
"properties": {
"startIpAddress": "0.0.0.0",
"endIpAddress": "0.0.0.0"
}
},
{
"name": "[concat(parameters('yourservernameName'),'/',parameters('dbnameName'))]",
"type": "Microsoft.Sql/servers/databases",
"location": "West Europe",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('yourservernameName'))]"
],
"tags": {
"displayName": "dbname"
},
"properties": {
"collation": "[parameters('dbnameCollation')]",
"edition": "[parameters('dbnameEdition')]",
"maxSizeBytes": "1073741824",
"requestedServiceObjectiveName": "[parameters('dbnameRequestedServiceObjectiveName')]"
}
}
]
}
],
"outputs": {
"SomeString": {
"type": "string",
"value": "What ever you want to put here"
},
"ServerNameParam": {
"type": "string",
"value": "[parameters('yourservernameName')]"
},
"ServerResourceID": {
"type": "string",
"value": "[resourceId('Microsoft.Sql/servers', parameters('yourservernameName'))]"
},
"ServerObject": {
"type": "object",
"value": "[reference(parameters('yourservernameName'))]"
},
"SqlServerURL": {
"type": "string",
"value": "[reference(parameters('yourservernameName')).fullyQualifiedDomainName]"
},
"DbResourceID": {
"type": "string",
"value": "[resourceId('Microsoft.Sql/servers/databases', parameters('yourservernameName'), parameters('dbnameName'))]"
},
"DbObject": {
"type": "object",
"value": "[reference(parameters('dbnameName'))]"
},
"DbAdoConnString": {
"type": "string",
"value": "[concat('Server=tcp:',reference(parameters('yourservernameName')).fullyQualifiedDomainName,',1433;Initial Catalog=',parameters('dbnameName'),';Persist Security Info=False;User ID=',reference(parameters('yourservernameName')).administratorLogin,';Password=',reference(parameters('yourservernameName')).administratorLoginPassword,';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;')]"
}
}
}
Working sample:
"name": "name",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01",
"properties": {
"administratorLogin": "somelogin",
"administratorLoginPassword": "somepasswordD1!"
}
Please note that SA might not be allowed as a username, and the password has complexity requirements.
We wanted to create a temporary unique password per resource group and not have to worry about passwords in the template or parameters files, since these are checked into git. Solved it like this:
template.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vulnerabilityAssessments_Default_storageContainerPath": {
"type": "SecureString"
},
"servers_dev_name": {
"defaultValue": "dev-app",
"type": "String"
}
},
"variables": {
"servers_dev_password": "[concat('P', uniqueString(resourceGroup().id, '224F5A8B-51DB-46A3-A7C8-59B0DD584A41'), 'x', '!')]"
},
"resources": [
{
"type": "Microsoft.Sql/servers",
"apiVersion": "2019-06-01-preview",
"name": "[parameters('servers_dev_name')]",
"location": "northeurope",
"kind": "v12.0",
"properties": {
"administratorLogin": "OurSaName",
"administratorLoginPassword": "[variables('servers_dev_password')]",
"version": "12.0",
"publicNetworkAccess": "Enabled"
}
},
"To make sure that we are compliant with the Azure SQL database policy "Your password must contain characters from three of the following categories – English uppercase letters, English lowercase letters, numbers (0-9), and non-alphanumeric characters (!, $, #, %, etc.)", we insert one character for each category before and after the unique string."
Sources:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-string#uniquestring
https://vivien-chevallier.com/Articles/automatically-generate-a-password-for-an-azure-sql-database-with-arm-template
Warning:
If you add to your parameters.json:
"servers_dev_password": {
"value": "[uniqueString(resourceGroup().id)]"
}
and add the parameter to template.json, the actual password will be: [uniqueString(resourceGroup().id)].
"servers_dev_password": {
"type": "SecureString"
}
A thing to note is that the definition for uniqueString is:
Creates a deterministic hash string based on the values provided as parameters.
This means that if you want to create a unique password per deployment it would have to look something like this:
"parameters": {
"newGuid": {
"type": "string",
"defaultValue": "[newGuid()]"
}
},
"variables": {
"sqlserverAdminPassword": "[concat(uniqueString(guid(resourceGroup().id, deployment().name)), parameters('newGuid'), 'Tg2%')]"
}
Your password would then be updated on every deploy.
https://stackoverflow.com/a/70325944/3850405
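A small template check for the password patterns discussed in these answers, as an added example that is not code from any of the posts: it reports whether each Microsoft.Sql/servers admin password is a literal, a default stored in the template, a uniqueString-only (deterministic) value, a newGuid-based per-deployment value, or supplied at deployment time. The sample template is constructed and trimmed, the function names are hypothetical, and name lookups are case-sensitive here for brevity.

```python
import json
import re

# Constructed sample, trimmed from the password patterns quoted in the answers above.
SAMPLE_TEMPLATE = json.loads(r"""
{
  "parameters": {
    "adminPassword": {"type": "securestring", "defaultValue": "somepasswordD1!"},
    "newGuid": {"type": "string", "defaultValue": "[newGuid()]"}
  },
  "variables": {
    "fixedPw": "[concat('P', uniqueString(resourceGroup().id), 'x', '!')]",
    "rotatingPw": "[concat(uniqueString(resourceGroup().id), parameters('newGuid'), 'Tg2%')]"
  },
  "resources": [
    {"type": "Microsoft.Sql/servers", "name": "a", "properties": {"administratorLoginPassword": "[variables('fixedPw')]"}},
    {"type": "Microsoft.Sql/servers", "name": "b", "properties": {"administratorLoginPassword": "[variables('rotatingPw')]"}},
    {"type": "Microsoft.Sql/servers", "name": "c", "properties": {"administratorLoginPassword": "[parameters('adminPassword')]"}},
    {"type": "Microsoft.Sql/servers", "name": "d", "properties": {"administratorLoginPassword": "somepasswordD1!"}}
  ]
}
""")

REF = re.compile(r"(variables|parameters)\('([^']+)'\)", re.I)
# First matching tag wins; the worst finding is listed first.
RANK = (("default", "default-in-template"), ("newGuid", "per-deployment"),
        ("supplied", "supplied"), ("uniqueString", "deterministic"))

def password_sources(template, expr, seen=None):
    """Collect where the text of a template expression ultimately comes from."""
    seen = set() if seen is None else seen
    tags = {fn for fn in ("uniqueString", "newGuid")
            if re.search(r"\b%s\(" % fn, expr, re.I)}
    for kind, name in REF.findall(expr):
        key = (kind.lower(), name)
        if key in seen:  # guard against reference cycles
            continue
        seen.add(key)
        if key[0] == "variables":
            value = template.get("variables", {}).get(name, "")
        else:
            value = template.get("parameters", {}).get(name, {}).get("defaultValue")
            if value is None:
                tags.add("supplied")  # no default: provided at deployment time
                continue
        if isinstance(value, str) and value.startswith("["):
            tags |= password_sources(template, value, seen)
        else:
            tags.add("default")  # literal text stored in the template
    return tags

def audit(template):
    """Map each SQL server resource name to how its admin password is produced."""
    verdicts = {}
    for res in template.get("resources", []):
        pw = res.get("properties", {}).get("administratorLoginPassword")
        if res.get("type", "").lower() != "microsoft.sql/servers" or not isinstance(pw, str):
            continue
        if pw.startswith("[") and pw.endswith("]"):
            tags = password_sources(template, pw)
            verdicts[res["name"]] = next((v for t, v in RANK if t in tags), "unknown")
        else:
            verdicts[res["name"]] = "literal"  # plaintext password in the template
    return verdicts
```

A "deterministic" verdict means the value depends only on inputs visible in the template and the resource group, so it is the same on every deployment.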

how to verify payment paypal on mobile sdk 2.x?

I made an application on Android with PayPal for payment, but I do not know how to verify the PayPal payment in my Android app.
This is my payment response from PayPal in the sandbox environment.
{
"response": {
"state": "approved",
"id": "PAY-27N978063W077501JKPUBNZQ",
"create_time": "2014-08-11T01:05:42Z",
"intent": "sale"
},
"client": {
"platform": "Android",
"paypal_sdk_version": "2.2.2",
"product_name": "PayPal-Android-SDK",
"environment": "sandbox"
},
"response_type": "payment"
}
{
"amount": "520.10",
"short_description": "htc one",
"details": {
"tax": "0.300000011920928955078125",
"subtotal": "519.80",
"shipping": "0"
},
"intent": "sale",
"currency_code": "AUD",
"item_list": {
"items": [
{
"quantity": "2",
"price": "259.90",
"sku": "GATE5000k",
"currency": "AUD",
"name": "htc one"
}
]
}
}
Please help me if you know the solution to resolve that.
Have a look at the documentation on verifying a payment. It should guide you step by step through calling the PayPal REST API with your payment id and the checks you need to make, namely that the state is approved and the transaction details match.
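The server-side comparison the answer describes, as an added example that is not code from the original posts: the proof sent by the app is treated as untrusted, and the payment object the server looks up by payment id is compared with the order it recorded. The lookup result is constructed, and its field layout (transactions[0].amount.total and currency) is an assumption about the REST response; function names are hypothetical.

```python
from decimal import Decimal, InvalidOperation

# From the question: the order the app created and the proof the SDK handed back.
ORDER = {"amount": "520.10", "currency_code": "AUD", "intent": "sale"}
CLIENT_PROOF = {"response": {"state": "approved", "intent": "sale",
                             "id": "PAY-27N978063W077501JKPUBNZQ"}}


def constructed_lookup(total="520.10", currency="AUD", state="approved"):
    """Constructed stand-in for the payment object the server fetches from PayPal."""
    return {"id": "PAY-27N978063W077501JKPUBNZQ", "intent": "sale", "state": state,
            "transactions": [{"amount": {"total": total, "currency": currency}}]}


def verify_payment(order, client_proof, looked_up):
    """Return a list of mismatches; an empty list means the payment can be accepted."""
    problems = []
    if looked_up.get("id") != client_proof.get("response", {}).get("id"):
        problems.append("payment id differs from the one the app reported")
    if looked_up.get("state") != "approved":
        problems.append("state is %r, not 'approved'" % looked_up.get("state"))
    if looked_up.get("intent") != order["intent"]:
        problems.append("intent mismatch")
    transactions = looked_up.get("transactions") or []
    if len(transactions) != 1:
        return problems + ["expected exactly one transaction"]
    amount = transactions[0].get("amount", {})
    try:
        # Compare as decimals so "520.1" equals "520.10" and no float rounding creeps in.
        if Decimal(str(amount.get("total"))) != Decimal(order["amount"]):
            problems.append("amount mismatch")
    except InvalidOperation:
        problems.append("amount is not a number")
    if amount.get("currency") != order["currency_code"]:
        problems.append("currency mismatch")
    return problems
```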
