Closed AngryVirginian closed 4 years ago
I am able to reproduce the failure and am in the process of collecting additional logs to get to the bottom of the issue. I will post an update as soon as I have more information. Thank you for your patience.
@AngryVirginian I have deployed a fix and the OAUTH flow is now working with my test bot. Could you check if your bot works as expected?
@p-nagpal It is still not working. I am getting a 403 error instead of 500 now though.
I am running into a similar issue. The magic code always comes back. I get a status of 400 with the https://directline.botframework.com/v3/directline/session/getsessionid. I don't have the webchat in any iframe and I have the trusted origins defined property. I followed all the instructions and tried it with all the samples. I don't know what to do next.
Hello @AngryVirginian, @mmarinoNet, I am looking at this new problem.
@mmarinoNet, is your bot in Azure Gov or Azure public cloud? Could you perhaps share a failing conversation id or your botid? This will help me investigate better. Thank you.
Yes, it is in the Azure public cloud. I would be happy to do whatever I can to help. Please let me know. I tried everything and can't seem to get it to work. Months ago when I tested this it worked, now it does not seem to.
Please let me know what I should provide and I will be happy to do so.
Thank you for your help.
Monty
@mmarinoNet this failure is in a different environment and has different symptoms. I have created https://github.com/microsoft/BotFramework-Services/issues/192 to help make progress with the 403 failure and 400 failure together.
@AngryVirginian , I found a few things
Yes, it is turned on, I am running the web client locally.
@p-nagpal you are right. My mistake. I turned off Enhanced Authentication during testing. It is working in the Fairfax datacenter now. I will test the other us gov bot that is in the Arlington datacenter on Monday.
@p-nagpal I confirm that the issue has been resolved in both Arlington and Fairfax datacenters. Please proceed with closing the ticket. Thank you for the quick responses.
Screenshots
Bot channel registration directline settings
Load bot from trusted URL
OAuthPrompt card displayed in webchat
Error in F12 after clicking on the button
A new tab for magic code was opened
Version
4.7.1 through NPM
Describe the bug
v4.7.2 .NET Core Bot is hosted in Microsoft Azure Government (MAG). DirectLine Enhanced Authentication does not work in trusted urls and resulted in magic code authentication instead of the expected behavior (new tab open and close automatically without user having to do manual input). F12 on browser displayed the following error
GET https://directline.botframework.azure.us/v3/directline/session/getsessionid 500
The error
Steps to reproduce
Setup a sample auth bot in Azure MAG.
Use the following values in appsettings.json
{
  "BotEnv": "usgovprd",
  "ChannelService": "https://botframework.azure.us",
  "MicrosoftAppId": "[Omited]",
  "MicrosoftAppPassword": "[Omitted]",
  "ScmType": "None",
  "isAzureGovernment": true,
  "OAuthConnectionName": "aadv2"
}
Use the following code before prompting the OAuthPrompt card.
OAuthClientConfig.OAuthEndpoint = "https://token.botframework.azure.us";
MicrosoftAppCredentials.TrustServiceUrl("https://token.botframework.azure.us");
Configure directline channel on the bot channel registration. Enable Enhanced Authentication and add a trusted url.
Configure an OAuth authentication connection with AADV2 as provider. The service principal used is from a GCC tenant.
Get a token from https://directline.botframework.azure.us/v3/directline/tokens/generate with a user id 'dl_[new guid]'
Add a webchat control to the home page of the trusted url with code similar to below
Go to the trusted url to launch the homepage and webchat.
Interact with the bot to get an OAuthPrompt card back.
Click on the OAuthPrompt card.
Magic code authentication screen is displayed instead of the expected behavior
Expected behavior
The OAuthPrompt card should open up a new browser tab, close it, and auth token is received automatically in webchat as on the Azure commercial side.
Note
The magic code can be used to successfully authenticate the user.
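The token-generation step from the report above, sketched as server-side Node.js so the Direct Line secret never reaches the browser. This is an added example, not code from the issue or from the Web Chat project. The function names, the `contoso.example` origin and the secret value are assumptions, as is sending the optional `trustedOrigins` field of the Direct Line 3.0 token request alongside the `dl_`-prefixed user ID.

```javascript
const { randomUUID } = require('node:crypto');

// Both Direct Line hosts appear in the thread above.
const DIRECT_LINE_HOSTS = {
  public: 'https://directline.botframework.com',
  usgov: 'https://directline.botframework.azure.us',
};

// Returns the bare origin, or throws if the value is not an https origin
// without path, query or fragment (a sanity check added for this example).
function normalizeOrigin(value) {
  const url = new URL(value); // throws on malformed input
  if (url.protocol !== 'https:') throw new Error(`origin must be https: ${value}`);
  if (url.pathname !== '/' || url.search || url.hash) {
    throw new Error(`origin must not carry a path or query: ${value}`);
  }
  return url.origin;
}

// Builds the tokens/generate request with a fresh 'dl_' + GUID user ID.
function buildTokenRequest({ cloud, secret, trustedOrigins }) {
  const host = DIRECT_LINE_HOSTS[cloud];
  if (!host) throw new Error(`unknown cloud: ${cloud}`);
  if (!secret) throw new Error('Direct Line secret is required');
  const userId = `dl_${randomUUID()}`;
  const body = { user: { id: userId }, trustedOrigins: trustedOrigins.map(normalizeOrigin) };
  return {
    userId,
    url: `${host}/v3/directline/tokens/generate`,
    init: {
      method: 'POST',
      headers: { Authorization: `Bearer ${secret}`, 'Content-Type': 'application/json' },
      body: JSON.stringify(body),
    },
  };
}

// Performs the call; only the token and user ID are handed to the page.
async function generateToken(options) {
  const { url, init, userId } = buildTokenRequest(options);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`token generation failed: HTTP ${res.status}`);
  const { token } = await res.json();
  return { token, userId };
}
```

The user ID returned here should be the same one passed to Web Chat when it is rendered with the token.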