InfinytRam
commented
1 year ago Hi @thashu0424, we are investigating.
Closed thashu0424 closed 1 year ago
InfinytRam
commented
1 year ago Hi @thashu0424, we are investigating.
thashu0424
commented
1 year ago Hi @ramfattah any updates ?
dmvtech
commented
1 year ago Hi @thashu0424
We are not able to reproduce this issue. Can you please confirm your oauth AAD application is set up correctly with all the appropriate configuration?
You can also go to your OAuth AAD app, and then go to manifest. Copy out the JSON and remove any of the sensitive/personal information, then paste it here? I'm specifically interested in the requiredResourceAccess section, but other parts may be important as well.
thashu0424
commented
1 year ago {
"id": "<REMOVED>",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"addIns": [
],
"allowPublicClient": null,
"appId": "<REMOVED>",
"appRoles": [
],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2022-12-30T09:24:37Z",
"description": null,
"certification": null,
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [
"<REMOVED>"
],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": [
],
"knownClientApplications": [
],
"logoUrl": null,
"logoutUrl": null,
"name": "TeamsBotSSO",
"notes": null,
"oauth2AllowIdTokenImplicitFlow": true,
"oauth2AllowImplicitFlow": true,
"oauth2Permissions": [
{
"adminConsentDescription": "Allows Teams to call the app’s web APIs as the current user",
"adminConsentDisplayName": "Teams can access the user’s profile",
"id": "<REMOVED>",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": "Enable Teams to call this app’s APIs with the same rights as you have",
"userConsentDisplayName": "Teams can access the user profile and make requests on the user’s behalf",
"value": "access_as_user"
}
],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": [
],
"parentalControlSettings": {
"countriesBlockedForMinors": [
],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [
{
"customKeyIdentifier": null,
"endDate": "2023-06-30T09:28:16.706Z",
"keyId": "<REMOVED>",
"startDate": "2022-12-30T09:28:16.706Z",
"value": null,
"createdOn": "2022-12-30T09:25:45.7003262Z",
"hint": "<REMOVED>",
"displayName": "ssobot"
},
{
"customKeyIdentifier": null,
"endDate": "2027-12-30T00:00:00Z",
"keyId": "<REMOVED>",
"startDate": "2022-12-30T09:24:39.2022563Z",
"value": null,
"createdOn": "2022-12-30T09:24:39.2262568Z",
"hint": "<REMOVED>",
"displayName": null
}
],
"preAuthorizedApplications": [
{
"appId": "<REMOVED>",
"permissionIds": [
"<REMOVED>"
]
},
{
"appId": "<REMOVED>",
"permissionIds": [
"<REMOVED>"
]
}
],
"publisherDomain": "<REMOVED>",
"replyUrlsWithType": [
{
"url": "https://token.botframework.com/.auth/web/redirect",
"type": "Web"
}
],
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4682d",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [
],
"tokenEncryptionKeyId": null
}
@dmvtech
@dmvtech have shared the manifest please check
thashu0424
commented
1 year ago Hi @dmvtech any updates or anything wrong in the manifest?
thashu0424
commented
1 year ago Hi @dmvtech any updates? Our code is in production so please help out ASAP
dmvtech
commented
1 year ago Hi @thashu0424 Apologies for the delay.
What API permissions are allowed? (Can be checked through the API permissions blade of the app registration).
I see you only have one:
"resourceAccess": [
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4682d",
"type": "Scope"
}
]But I'm not familiar with what that one might be (friendly name).
Also; from the Bot's Configuration blade and OAuth settings, does the Test Connection feature work correctly?
thashu0424
commented
1 year ago Hi @dmvtech , The API permissions are given and Test connection is working fine. Still not sure why it's having this issue
thashu0424
commented
1 year ago 
These are the API permissions given
thashu0424
commented
1 year ago Hi @dmvtech , I've added the manifest zip in this repo https://github.com/thashu0424/SSOBot and have given you access please accept it and check if even you are facing the issue from your end.
thashu0424
commented
1 year ago 
In the image you can see that I have logged in . So the first time I give the permission I'm authenticated and logged in and the prompt goes away. Then when I go to another chat and come back to the bot chat the prompt shows up again and when I click on the continue again I get this message
thashu0424
commented
1 year ago @dmvtech any update?
InfinytRam
commented
1 year ago @thashu0424,
thashu0424
commented
1 year ago InfinytRam
commented
1 year ago Hi @thashu0424,
Tested Teams SSO Auth using sample bot-conversation-sso-quickstart/csharp_dotnetcore. Followed Build a bot with SSO authentication documentation.
I'm not able to reproduce this issue after switching to different chat and coming back.
My Azure Bot Manifest json below looks pretty identical to yours.
InfinytRam
commented
1 year ago Asking additional questions:
thashu0424
commented
1 year ago OS-Windows Version- 1.6.00.376 @ramfattah , can you send me a manifest file which I can install in my local? I want to see if it is an issue with how the permissions are setup in the organization
InfinytRam
commented
1 year ago Hey @thashu0424,
To clarify: are you referring to the teams manifest or azure app registration manifest?
InfinytRam
commented
1 year ago This is the following Teams manifest.json I used to sideload the bot app to Teams:
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.14/MicrosoftTeams.schema.json",
"manifestVersion": "1.14",
"version": "1.0.0",
"id": "<<YOUR-MICROSOFT-APP-ID>>",
"packageName": "com.microsoft.teams.samples",
"developer": {
"name": "Microsoft",
"websiteUrl": "https://example.azurewebsites.net",
"privacyUrl": "https://example.azurewebsites.net/privacy",
"termsOfUseUrl": "https://example.azurewebsites.net/termsofuse"
},
"icons": {
"color": "icon-color.png",
"outline": "icon-outline.png"
},
"name": {
"short": "Team Auth Module",
"full": "Simple Team Auth Module"
},
"description": {
"short": "Test Team Auth Module Scenario",
"full": "Simple Team Auth Module Scenario Test"
},
"accentColor": "#FFFFFF",
"bots": [
{
"botId": "<<YOUR-MICROSOFT-APP-ID>>",
"scopes": [
"personal"
],
"isNotificationOnly": false,
"supportsCalling": false,
"supportsVideo": false,
"supportsFiles": false
}
],
"permissions": [
"identity",
"messageTeamMembers"
],
"validDomains": [
"token.botframework.com",
"*.ngrok.io"
]
}Hey @thashu0424,
multi-tenant, single-tenant or user-assigned managed identity?InfinytRam
commented
1 year ago Closing due to inactivity.
@thashu0424, please reopen if needed and address the inquiries previously mentioned above. Thank you.
OAuth prompt keeps showing even after the sign in was successful . The prompt must ideal be shown only once and after it is given the permissions it should not show up again. But it keeps coming up every time I go to another chat and comeback to the bot .