microsoft / botbuilder-dotnet

Welcome to the Bot Framework SDK for .NET repository, which is the home for the libraries and packages that enable developers to build sophisticated bot applications using .NET.
https://github.com/Microsoft/botframework
MIT License

OAuthPrompt Sign-in never allows to select an account #2833

Closed SonOfJesseAsSnekithan closed 5 years ago

SonOfJesseAsSnekithan commented 5 years ago

I am using my bot (v4 Enterprise bot) from Teams. When sign-in is clicked, it launches the browser with the OAuth sign-in dialog (https://token.botframework.com/api/oauth/signin?signin=aabbccdd....), but it does not allow selecting an account; it automatically selects the last selected account and closes.

mdrichardson commented 5 years ago

@armstrong-charles What OAuth Provider are you using (AADv2, Slack, GitHub, etc)?

mdrichardson commented 5 years ago

I can repro this with AADv2, AADv1, and Slack and can't seem to find anywhere in our code that determines whether or not to have the user fully log back in. I have a feeling that this is by design as it's significantly more convenient for a user to only need to sign in once. My best guesses are that either:

This is possibly something in the Botframework, but again, I can't seem to find it.

I'll forward this to the development team to determine, 1) if this is a bug or intended design, and 2) whether it's a Botframework issue or we need to forward it to the appropriate party.


Things I tried as workarounds that didn't work:

I'm leaning towards this being Client-specific

I can repro this in Emulator as well. However, I can force it to ask me for my username again by going to File > Clear State in Emulator. It seems like maybe the client stores the login information? Again, though, I couldn't get Teams to "forget" it.

SonOfJesseAsSnekithan commented 5 years ago

@mdrichardson I am using AADv2. In my case, when a user successfully signs in to the wrong AAD, there is no way to sign him back in to the right AAD. Is there any workaround? Thanks

mdrichardson commented 5 years ago

@armstrong-charles The only workaround I could find was to:

  1. Chat with the bot so that it takes the user through the logout flow. In the OAuth samples, this is done by simply typing logout.

  2. Sign out of Teams and restart the app

EricDahlvang commented 5 years ago

For AAD apps, you can go here: https://portal.office.com/account/#apps and revoke the app's permissions. Then you will be required to sign in again and authorize the app.

mdrichardson commented 5 years ago

@armstrong-charles Are you able to get either of these workarounds to accomplish what you need?

SonOfJesseAsSnekithan commented 5 years ago

AADv2

On Thu, Oct 24, 2019 at 9:27 AM Michael Richardson notifications@github.com wrote:

@armstrong-charles https://github.com/armstrong-charles What OAuth Provider are you using (AADv2, Slack, GitHub, etc)?


mdrichardson commented 5 years ago

@armstrong-charles I think you may have replied to the wrong comment. Are you able to get either of these workarounds to accomplish what you need?

SonOfJesseAsSnekithan commented 5 years ago

@mdrichardson, is it possible to do it without signing out of Teams and restarting the app (Step 2)?

mdrichardson commented 5 years ago

@armstrong-charles Not that I'm aware of. It should only be a one-time thing, though, right, until they sign into the right tenant?

SonOfJesseAsSnekithan commented 5 years ago

@mdrichardson, it is good, at least the app could put out information to the user on how to get out of the situation, because there is more than one reason to get into this situation, e.g.: the user could sign in to the wrong tenant, or he is in the right tenant but is not seeing the resource due to some other reason (IT admin configuration).
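
One way to implement the logout flow from workaround step 1 so that it also tells the user the remaining steps, as the last comment suggests. This is an added example, not code from the thread or from the SDK's samples; the class name, constructor parameters and message text are assumptions, and it assumes an SDK v4 bot running on BotFrameworkAdapter.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Bot.Builder;
using Microsoft.Bot.Builder.Dialogs;
using Microsoft.Bot.Schema;

// Hypothetical base dialog: any dialog deriving from it handles "logout" on every turn.
public class LogoutDialog : ComponentDialog
{
    private readonly string _connectionName; // OAuth connection name configured for the bot (assumed)

    public LogoutDialog(string id, string connectionName) : base(id)
    {
        _connectionName = connectionName;
    }

    protected override async Task<DialogTurnResult> OnBeginDialogAsync(
        DialogContext innerDc, object options, CancellationToken cancellationToken = default)
        => await InterruptAsync(innerDc, cancellationToken)
           ?? await base.OnBeginDialogAsync(innerDc, options, cancellationToken);

    protected override async Task<DialogTurnResult> OnContinueDialogAsync(
        DialogContext innerDc, CancellationToken cancellationToken = default)
        => await InterruptAsync(innerDc, cancellationToken)
           ?? await base.OnContinueDialogAsync(innerDc, cancellationToken);

    private async Task<DialogTurnResult> InterruptAsync(DialogContext innerDc, CancellationToken ct)
    {
        var activity = innerDc.Context.Activity;
        if (activity.Type != ActivityTypes.Message) return null;
        if (!string.Equals(activity.Text?.Trim(), "logout", StringComparison.OrdinalIgnoreCase)) return null;

        // Remove the token the Bot Framework token service holds for this user and connection.
        if (innerDc.Context.Adapter is BotFrameworkAdapter adapter)
        {
            await adapter.SignOutUserAsync(innerDc.Context, _connectionName, null, ct);
        }

        // The bot-side sign-out does not clear the account the client reuses (see the
        // thread), so tell the user the remaining steps from the workarounds above.
        await innerDc.Context.SendActivityAsync(MessageFactory.Text(
            "You have been signed out of the bot. To sign in with a different account, " +
            "sign out of Teams and restart the app. For AAD apps you can also revoke the " +
            "app's permissions at https://portal.office.com/account/#apps."), ct);

        return await innerDc.CancelAllDialogsAsync(ct);
    }
}
```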