Closed thashu0424 closed 1 year ago
Hi @thashu0424, we are investigating.
Hi @ramfattah any updates ?
Hi @thashu0424
We are not able to reproduce this issue. Can you please confirm your oauth AAD application is set up correctly with all the appropriate configuration?
You can also go to your OAuth AAD app, and then go to manifest. Copy out the JSON and remove any of the sensitive/personal information, then paste it here? I'm specifically interested in the requiredResourceAccess section, but other parts may be important as well.
{
"id": "<REMOVED>",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"addIns": [
],
"allowPublicClient": null,
"appId": "<REMOVED>",
"appRoles": [
],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2022-12-30T09:24:37Z",
"description": null,
"certification": null,
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [
"<REMOVED>"
],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": [
],
"knownClientApplications": [
],
"logoUrl": null,
"logoutUrl": null,
"name": "TeamsBotSSO",
"notes": null,
"oauth2AllowIdTokenImplicitFlow": true,
"oauth2AllowImplicitFlow": true,
"oauth2Permissions": [
{
"adminConsentDescription": "Allows Teams to call the app’s web APIs as the current user",
"adminConsentDisplayName": "Teams can access the user’s profile",
"id": "<REMOVED>",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": "Enable Teams to call this app’s APIs with the same rights as you have",
"userConsentDisplayName": "Teams can access the user profile and make requests on the user’s behalf",
"value": "access_as_user"
}
],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": [
],
"parentalControlSettings": {
"countriesBlockedForMinors": [
],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [
{
"customKeyIdentifier": null,
"endDate": "2023-06-30T09:28:16.706Z",
"keyId": "<REMOVED>",
"startDate": "2022-12-30T09:28:16.706Z",
"value": null,
"createdOn": "2022-12-30T09:25:45.7003262Z",
"hint": "<REMOVED>",
"displayName": "ssobot"
},
{
"customKeyIdentifier": null,
"endDate": "2027-12-30T00:00:00Z",
"keyId": "<REMOVED>",
"startDate": "2022-12-30T09:24:39.2022563Z",
"value": null,
"createdOn": "2022-12-30T09:24:39.2262568Z",
"hint": "<REMOVED>",
"displayName": null
}
],
"preAuthorizedApplications": [
{
"appId": "<REMOVED>",
"permissionIds": [
"<REMOVED>"
]
},
{
"appId": "<REMOVED>",
"permissionIds": [
"<REMOVED>"
]
}
],
"publisherDomain": "<REMOVED>",
"replyUrlsWithType": [
{
"url": "https://token.botframework.com/.auth/web/redirect",
"type": "Web"
}
],
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4682d",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [
],
"tokenEncryptionKeyId": null
}
@dmvtech
@dmvtech have shared the manifest please check
Hi @dmvtech any updates or anything wrong in the manifest?
Hi @dmvtech any updates? Our code is in production so please help out ASAP
Hi @thashu0424 Apologies for the delay.
What API permissions are allowed? (Can be checked through the API permissions blade of the app registration).
I see you only have one:
"resourceAccess": [
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4682d",
"type": "Scope"
}
]
But I'm not familiar with what that one might be (friendly name).
Also; from the Bot's Configuration blade and OAuth settings, does the Test Connection feature work correctly?
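Added example, not part of the thread or of the Bot Framework project: the two manifest steps discussed above, stripping identifying values from an app registration manifest before posting it and resolving the requiredResourceAccess IDs to friendly names. The redaction field list, the function names and the sample values are assumptions; the scope IDs are the public Microsoft Graph ones, in which e1fe6dd8-ba31-4d61-89e7-88639da4682d is the delegated User.Read permission.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph (public, same in every tenant)
GRAPH_SCOPES = {  # public delegated-scope IDs on Microsoft Graph
    "e1fe6dd8-ba31-4d61-89e7-88639da4682d": "User.Read",
    "37f7f235-527c-4136-accd-4a02d197296e": "openid",
    "14dad69e-099b-42c9-810b-d002981feec1": "profile",
    "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0": "email",
    "7427e0e9-2fba-42fe-b0c0-848c9e6a8182": "offline_access",
}
# Assumed redaction list: the fields shown as <REMOVED> in the thread, plus resourceAppId.
SENSITIVE = {"id", "appId", "keyId", "hint", "identifierUris", "publisherDomain",
             "permissionIds", "resourceAppId"}
CRED_LISTS = ("passwordCredentials", "keyCredentials")
CRED_FIELDS = ("value", "customKeyIdentifier")  # secret material, only inside CRED_LISTS

def redact(node, in_creds=False):
    """Return a copy of the manifest with identifying values replaced by <REMOVED>."""
    if isinstance(node, list):
        return [redact(item, in_creds) for item in node]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, value in node.items():
        if key == "requiredResourceAccess":
            # Graph IDs are public and needed for diagnosis; other APIs may be tenant-specific.
            out[key] = [r if r.get("resourceAppId") == GRAPH_APP_ID else redact(r) for r in value or []]
        elif value is not None and (key in SENSITIVE or (in_creds and key in CRED_FIELDS)):
            out[key] = ["<REMOVED>" for _ in value] if isinstance(value, list) else "<REMOVED>"
        else:
            out[key] = redact(value, in_creds or key in CRED_LISTS)
    return out

def graph_scopes(manifest):
    """Resolve requested Microsoft Graph permissions to (friendly name or raw id, type)."""
    return [(GRAPH_SCOPES.get(a["id"], a["id"]), a["type"])
            for r in manifest.get("requiredResourceAccess", [])
            if r.get("resourceAppId") == GRAPH_APP_ID
            for a in r.get("resourceAccess", [])]

# Constructed sample: field names follow the manifest in the thread, values are made up.
SAMPLE = json.loads("""{
  "id": "11111111-1111-1111-1111-111111111111", "appId": "22222222-2222-2222-2222-222222222222",
  "name": "TeamsBotSSO", "identifierUris": ["api://botid-22222222-2222-2222-2222-222222222222"],
  "oauth2Permissions": [{"id": "33333333-3333-3333-3333-333333333333", "value": "access_as_user"}],
  "passwordCredentials": [{"keyId": "44444444-4444-4444-4444-444444444444", "hint": "abc", "value": null}],
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4682d", "type": "Scope"}]}]
}""")
```

Calling `redact(json.load(f))` on an exported manifest and `graph_scopes(...)` on the same object gives the text to paste and the permission summary; a client secret that appears with a non-null `value` is replaced as well.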
Hi @dmvtech, the API permissions are given and Test Connection is working fine. Still not sure why it's having this issue.
These are the API permissions given
Hi @dmvtech, I've added the manifest zip in this repo https://github.com/thashu0424/SSOBot and have given you access. Please accept it and check if even you are facing the issue from your end.
In the image you can see that I have logged in. So the first time I give the permission I'm authenticated and logged in and the prompt goes away. Then when I go to another chat and come back to the bot chat the prompt shows up again, and when I click on the continue again I get this message
@dmvtech any update?
@thashu0424,
Hi @thashu0424,
Tested Teams SSO Auth using sample bot-conversation-sso-quickstart/csharp_dotnetcore. Followed Build a bot with SSO authentication documentation.
I'm not able to reproduce this issue after switching to different chat and coming back.
My Azure Bot Manifest json below looks pretty identical to yours.
Asking additional questions:
OS-Windows Version- 1.6.00.376
@ramfattah, can you send me a manifest file which I can install in my local? I want to see if it is an issue with how the permissions are set up in the organization
Hey @thashu0424,
To clarify: are you referring to the teams manifest or azure app registration manifest?
This is the following Teams manifest.json I used to sideload the bot app to Teams:
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.14/MicrosoftTeams.schema.json",
"manifestVersion": "1.14",
"version": "1.0.0",
"id": "<<YOUR-MICROSOFT-APP-ID>>",
"packageName": "com.microsoft.teams.samples",
"developer": {
"name": "Microsoft",
"websiteUrl": "https://example.azurewebsites.net",
"privacyUrl": "https://example.azurewebsites.net/privacy",
"termsOfUseUrl": "https://example.azurewebsites.net/termsofuse"
},
"icons": {
"color": "icon-color.png",
"outline": "icon-outline.png"
},
"name": {
"short": "Team Auth Module",
"full": "Simple Team Auth Module"
},
"description": {
"short": "Test Team Auth Module Scenario",
"full": "Simple Team Auth Module Scenario Test"
},
"accentColor": "#FFFFFF",
"bots": [
{
"botId": "<<YOUR-MICROSOFT-APP-ID>>",
"scopes": [
"personal"
],
"isNotificationOnly": false,
"supportsCalling": false,
"supportsVideo": false,
"supportsFiles": false
}
],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"token.botframework.com",
"*.ngrok.io"
]
}
Hey @thashu0424,
multi-tenant, single-tenant or user-assigned managed identity?
Closing due to inactivity.
@thashu0424, please reopen if needed and address the inquiries previously mentioned above. Thank you.
OAuth prompt keeps showing even after the sign in was successful. The prompt must ideally be shown only once and after it is given the permissions it should not show up again. But it keeps coming up every time I go to another chat and come back to the bot.