Authentication Sample Bot does not let me authenticate in Microsoft Teams - azure-active-directory

I am trying to get the Authentication Sample Bot to work. When I use the Bot in Microsoft Teams, the OAuthPrompt seems to render correctly:
but when I click the button, nothing happens. I see this in the console:
Why doesn't this work?

Just creating an Azure Bot Service 'Bot Channels Registration' is not enough to use bot authentication with Microsoft Teams. You have to have a manifest file zipped and uploaded as a custom app into Microsoft Teams. In that manifest file you have to specify the domain of the Bot Framework token endpoint:
"validDomains": [ "token.botframework.com" ]

Related

Salesforce connected app shows API_DISABLED_FOR_ORG error

I am creating a connected app to call some APIs on behalf of a user. The connected app is created from an account under Developer Edition. Now, when the user with Professional Edition connects to the app, I am able to complete the OAuth flow and receive the token correctly.
The issue is that when I call an API, let's say the Contact API, the response I get is as below:
{
message: 'The REST API is not enabled for this Organization.',
errorCode: 'API_DISABLED_FOR_ORG'
}
I am creating this app so that any user with a Salesforce account can integrate and retrieve information. I am not sure if that's how connected apps work in Salesforce or if I have missed any permissions.

Link MS Teams Bot to Azure AD app when creating chatbot in app studio

In the organization where I am trying to deploy a chatbot in MS Teams, because of security posture and separation of responsibilities, the MS Teams' admin team (different from bot developers), cannot create a new Azure AD app when creating a bot in App Studio. The authorization to create Azure AD app is only with AAD team.
To work with this process, we requested and got an application created in AAD via the AAD team. After creation of the AAD app, the AAD team also gave us the application name, application id and object id.
Now, the MS Teams' admin team is asking for a process/documentation to link the chatbot to be created in App Studio to the AAD app. Can someone share these instructions or point to any existing ones? (I couldn't find any in my searches.)

The short answer is that this needs to go into the "botId" section in the Teams app manifest (see here for reference: https://learn.microsoft.com/en-us/microsoftteams/platform/resources/schema/manifest-schema). Longer answers:
You might not be editing a manifest directly - you are doing it in App Studio, so just go to the Bot section and that's where you capture the Bot ID
It sounds like there is a missing piece in what you are trying to do. You need:
a. an Azure Application (got)
b. a Teams app where you can capture the Azure App ID as bot id (got)
c. a 'Bot' registration in Azure (it's a kind of Azure resource) - have you got this already? If not, someone with Azure access will need to create it.
There is a section in the wizard to use an existing Azure Application - you'd need to select that and enter the Azure application id.
Here's more info on doing the bot registration: https://learn.microsoft.com/en-us/azure/bot-service/abs-quickstart?view=azure-bot-service-4.0&tabs=userassigned. For the screenshot in section 6, I recommend choosing "Multi-tenant" as the app type (then you can skip the 'Bot identity information' section later), and 'Creation Type' is where you want to link to the already-created Azure Application.
Also note the "pricing tier" - by default it's on "standard", but you can change to the "free" tier to see if that's sufficient for you - your bot needs to be handling a lot of messages to need to move up to the paid tier.

What I did end up doing was:
Create an app registration in Azure with a secret. The secret becomes the bot password in Teams.
Create a bot using https://dev.botframework.com/bots. Since my app/bot is single tenant, I needed to be able to create a bot without the Azure service, which requires a subscription. I enabled Teams for this bot, besides web chat, which is enabled by default.
Create an app using App Studio, referencing the Azure app and the bot from botframework.
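
As an added example (not code from any of the answers or from Microsoft), a pre-upload check for two points made on this page: the "validDomains" entry required by the first answer and the "botId" link to the Azure AD application described in this thread. It assumes manifest.json sits at the root of the zipped package; the application id and both sample manifests are constructed.

```python
import io
import json
import re
import zipfile

TOKEN_DOMAIN = "token.botframework.com"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def check_package(zip_bytes, expected_app_id):
    """Return a list of findings for a Teams app package (empty list = OK)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as pkg:
        # Assumption: manifest.json sits at the root of the zip.
        if "manifest.json" not in pkg.namelist():
            return ["manifest.json missing from package root"]
        manifest = json.loads(pkg.read("manifest.json"))

    domains = [d.lower() for d in manifest.get("validDomains", [])]
    if TOKEN_DOMAIN not in domains:
        findings.append("validDomains lacks " + TOKEN_DOMAIN)
    # Wildcard entries widen what the client will trust; flag them for review.
    findings += ["wildcard domain: " + d for d in domains if "*" in d]

    bots = manifest.get("bots", [])
    if not bots:
        findings.append("no bots entry")
    for bot in bots:
        bot_id = str(bot.get("botId", ""))
        if not GUID_RE.match(bot_id):
            findings.append("botId is not a GUID: %r" % bot_id)
        elif bot_id.lower() != expected_app_id.lower():
            findings.append("botId does not match the Azure AD application id")
    return findings


def build_package(manifest):
    """Constructed sample: zip a manifest dict in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("manifest.json", json.dumps(manifest))
    return buf.getvalue()


# Constructed sample values, not taken from the page.
APP_ID = "00000000-1111-2222-3333-444444444444"
GOOD = {"bots": [{"botId": APP_ID, "scopes": ["personal"]}],
        "validDomains": ["token.botframework.com"]}
BAD = {"bots": [{"botId": "my-bot"}], "validDomains": ["*.example.com"]}
```

Running check_package on the package before upload reports a missing token domain or a botId that differs from the application id the AAD team issued.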

Upload custom app in teams registered in another azure tenant

Can I upload a custom app in my Teams for tenant "A" (I have the upload custom app link enabled by the Teams admin) which is not published to the Teams App store yet?
The custom app contains a bot registered with Microsoft bot framework and does not contain tabs.
The Microsoft App Registration for this app is registered in another tenant "B" and the app doesn't require any special delegated or application permissions to Microsoft Graph.

Yes this should work no problem. Depending on what your app includes (Bot, Tab, etc.) these should work fine, provided:
the user's device can access the system no problem (e.g. if your tab is hosted on a public httpS url, versus let's say an internal-only address that only people in tenant "A" could access)
you don't have any tenant-specific filtering on (for instance, there are bot samples that show how to -restrict- your bot to only users from a specific tenant). This is NOT the default though, you would have put this into your bot specifically. By default it will work fine across tenants.
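
The tenant-specific filtering mentioned above, sketched as an added example (not one of the bot samples the answer refers to). It assumes the Teams activity carries the sender's tenant in channelData.tenant.id and that the request was already authenticated by the Bot Framework adapter; the allow-list and activities are constructed.

```python
import re

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# Hypothetical allow-list; the GUID standing in for tenant "A" is constructed.
ALLOWED_TENANTS = {"aaaaaaaa-0000-0000-0000-000000000001"}


def tenant_of(activity):
    """Return the lower-cased tenant id of a Teams activity, or None."""
    if activity.get("channelId") != "msteams":
        return None
    # Assumption: the tenant id is read from channelData.tenant.id.
    channel_data = activity.get("channelData")
    tenant = channel_data.get("tenant") if isinstance(channel_data, dict) else None
    tenant_id = tenant.get("id") if isinstance(tenant, dict) else None
    if not isinstance(tenant_id, str):
        return None
    tenant_id = tenant_id.strip().lower()
    return tenant_id if GUID_RE.match(tenant_id) else None


def is_allowed(activity, allowed=ALLOWED_TENANTS):
    """Fail closed: an activity without a recognised tenant id is rejected."""
    tenant_id = tenant_of(activity)
    return tenant_id is not None and tenant_id in allowed


# Constructed activities containing only the fields the check reads.
FROM_A = {"channelId": "msteams",
          "channelData": {"tenant": {"id": "AAAAAAAA-0000-0000-0000-000000000001"}}}
FROM_B = {"channelId": "msteams",
          "channelData": {"tenant": {"id": "bbbbbbbb-0000-0000-0000-000000000002"}}}
NO_TENANT = {"channelId": "msteams", "channelData": {}}
WEBCHAT = {"channelId": "webchat"}
```

Without a check of this kind the bot answers users from any tenant, which is the default behaviour the answer describes.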

Using same authentication for EWS API and Graph API

We've been using Azure Active Directory and EWS SOAP web services successfully.
Trying to see if we can use our current authentication method to be able to also invoke Microsoft Graph (i.e. https://graph.microsoft.com/v1.0/me/)
I went into Azure and added Microsoft Graph under App Registrations -> Settings -> Required Permissions.
This was our authorize endpoint url:
https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2Foutlook.office365.com%2F
I changed it to:
https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2Fgraph.microsoft.com
Is this all I had to do? When I try to go through the OAuth 2.0 flow, the authorize request seems successful, then I'm asked to enter my credentials, and then I get an error:
"Misconfigured application. This could be due to one of the
following: The client has not listed any permissions for 'Microsoft
Graph' in the requested permissions in the client's application
registration. Or, The admin has not consented in the tenant. Or, Check
the application identifier in the request to ensure it matches the
configured client application identifier. Please contact your admin to
fix the configuration or consent on behalf of the tenant. Client app
ID: b1313958-.... "

I went into Azure and added Microsoft Graph under App Registrations ->
Settings -> Required Permissions.
You mentioned this as part of your question. Please check whether, after performing these steps for your App Registration in Azure AD, you clicked on the “Grant Permissions” button to provide consent or not.
Looking at the error it seems Consent for Microsoft Graph related permissions isn’t done yet.

Outlook App - ADAL Authentication - AADSTS90056: This endpoint only accepts POST requests

I'm working on an Outlook Add-in which authenticates the user against Azure AD and runs queries against SharePoint Online sites. The app uses AngularJS and makes use of the ADAL.js and ADAL-Angular.js libraries to conduct the authentication process. The app works well within the browser, however fails during the authentication process when used through the Windows Version of Outlook.
Once the user inputs his username and password within the add-in in Outlook (Windows), an Internet Explorer window pops up with the message below:
AADSTS90056: This endpoint only accepts POST requests.
Has anyone encountered this issue? I've followed the Office Dev tutorials (below) to the letter, but still no luck...
https://github.com/OfficeDev/O365-Angular-GettingStarted

I was getting the same error while trying to get an access token for Microsoft Azure Active Directory. The problem was the URL.
Using https instead of http solved my problem.
My correct URL for the token is as follows:
"https://login.microsoftonline.com/"
