OAuth Login not working from team/channel

[kasta76]

We originally implemented our bot using BotFramework 3 for MS Teams and Slack. We configured a Generic OAuth 2 connection to log in to our service. The user could log in to the bot during a direct chat as well as from a channel conversation.

Recently, the login no longer worked. We updated to BotFramework 4 and implemented the new method "OnTeamsSigninVerifyStateAsync". With this, the login works via the direct MS Teams chat with the bot. The login also works with Slack (Magic Code) in the direct chat and in a channel by mentioning the bot.

Unfortunately, the login does not work in MS Teams from a channel by mentioning the bot. After the login in the pop up window, no callback (invite or event) comes back to the bot. How can we fix that?

We also tried the example APP "bot-teams-authentication", where we extended the scopes to "personal, team" in the manifest. Unfortunately, we noticed the same behaviour.

[Prasad-MSFT]

@kasta76 , Thanks for raising your issue. As mentioned here in this sample, Teams SSO only works in 1-1 chats, and not group contexts. So that's the reason this sample not working in channel context as this sample utilizes an app setting UseSingleSignOn to add TeamsSSOTokenExchangeMiddleware.

[kasta76]

yes, but I modified the example for local testing and also set SSO = false to test the login with our identity provider. The login works when chatting directly with the bot, but not in the channel. With our old code version (BotFrameworkHttpAdapter instead of CloudAdapter), both worked.

[Prasad-MSFT]

Was there any console log/error you getting? Also did you try checking other available samples that uses the same method such as bot-join-team-using-qr-code or app-installation-using-qr-code if that also behaves in same way or not?

[kasta76]

Today I started the example "JoinTeamByQR" locally and tested it. With an "Azure Active Directory v2" OAuth connection, the login in the direct chat and in the channel works. However, if I use the "Generic Oauth 2" connection to our identity server, the login only works in the direct chat. In the channel, you can open the login window with the LogIn button, but after logging in, there is simply no feedback to the bot. In the debug, I have the breakpoint directly at the BotController::PostAsync().

[Prasad-MSFT]

Okay, @kasta76 - Please do share the repro video along with the sample details and code snippets you have followed. Accordingly, we will raise a bug for this.

[kasta76]

OK, thank you. Here is the link to the video: https://derdack-my.sharepoint.com/personal/kstasch_de_derdack_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fkstasch%5Fde%5Fderdack%5Fcom%2FDocuments%2FF%C3%BCr%20jeden%20freigegeben&ga=1

and these are the steps to reproduce:

1. Locally install the C# sample application app-installation-using-qr-code from here https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/app-installation-using-qr-code
2. Create an Azure Bot in Azure and add a Generic OAuth 2 Provider to a working Identity Server.
3. Test the OAuth connection
4. Configure the AppID, AppPassword and OAuth connection name in the sample application's app settings.
5. Create a Teams manifest and upload it to the Team Client.
6. Start the sample bot in debug mode 6.a. Set a breakpoint directly at the BotController::PostAsync()
7. Chat with the bot directly. Type the command "generate": 7.a. The bot responds with the login button. 7.b. Open the login window by pressing the login button and log in. 7.c. The token is fetched by MSTeams and passed to the sample application. 7.d. The bot reports "Successfully logged in". 7.e. Type "logout"
8. Chat with the bot in a Teams channel: Type the command "@Join team by QR generate": 8.a. The bot answers with the login button. 8.b. Open the login window with the login button and log in. 8.c. The token is fetched by Bot Framework but there is no feedback to the sample application. BotController::PostAsync() is not triggered.

[Prasad-MSFT]

@kasta76 - We are able to repro this issue. We have raised a bug for the same. We will inform you once we get any further update from engineering team.

Thanks!

[kasta76]

@Prasad-MSFT OK thank you very much. In this context, I also noticed that an oAuth generic login via the new Teams client or via Teams in the browser does not work either. Here it is also irrelevant whether you chat directly with the bot or in the channel, because immediately when you open the login window by clicking on the login button, a callback to the bot application occurs with the value "CancelledByUser". I have also made videos for this: https://derdack-my.sharepoint.com/:f:/p/kstasch_de/Ep6MMPjHzURJuHUQA_zknygBMumBo9omonlggQauMtLmPw?e=Y61bel

[rbormann]

Hi @Prasad-MSFT, can you share an update in this issue from engineering? I'm in the team of @kasta76 and a growing amount of our bot users gets affected by this issue. Can engineering think of any workaround we could hack into our bot? Many thanks..

[Prasad-MSFT]

@rbormann - At the moment, we have not received any updates from the engineering team. However, we are actively communicating with them to stay updated on the progress. We have also made them aware of the seriousness of the issue. As soon as we receive any updates from them, we will notify you in this thread. Thank you!

[tygore587]

Hi @Prasad-MSFT sorry to bother you again, but do you have any update on this issue from the engineering team? Thank you!

[Prasad-MSFT]

@tygore587 - Apologies. Currently there is no update to share. We are following up with engineering team about this issue. We will update this thread once we hear from them. Thanks!

[rbormann]

@Prasad-MSFT I wanted to follow up on this issue and ask if the team was able to address the OAuth login issue?

[Prasad-MSFT]

Apologies. Currently there is no ETA to share. We are following up with engineering team about this issue. We will update this thread once we hear from them. Thanks!

[Prasad-MSFT]

We got update from engineering team that the issues has been fixed. Please do verify and confirm.