BotFrameworkAdapter.getSignInLink: finalRedirect ignored (using "OAuth2 Generic Provider" from AAD)

[dhoelzl]

Versions

What package version of the SDK are you using: botbuilder 4.15.0 What nodejs version are you using: 14.16.0 What browser version are you using: Version 98.0.4758.102 (Official Build) (64-Bit) What os are you using: Microsoft Windows Server 1809 (OS Build 17763.2565)

Describe the bug

I am passing an URL to the finalRedirect argument of BotFrameworkAdapter.getSignInLink when creating a sign in link in a Microsoft Teams App / Search Messaging Extension (MessageExtension.handleTeamsMessagingExtensionQuery). The OAuth-Provider which is configured in AAD (it's name is passed in the connectionName argument) is of type "OAuth2 Generic Provider". After the OAuth2 handshake where the accessToken is finally sucessfully fetched by the Bot Authentication Service the Browser is however not redirected to the passed finalRedirect URI but the window is just closed (as if there was no finalRedirect URI passed).

To Reproduce

Steps to reproduce the behavior:

1. Configure a "OAuth2 Generic Provider" in AAD (Bot Channels Registration / Configuration / Add OAuth Connection Settings)
2. In a Teams Messaging Extension (MessageExtension.handleTeamsMessagingExtensionQuery) call BotFrameworkAdapter.getSignInLink to generate a sign in link. Pass a finalRedirect URL.
3. Click and authenticate with the sign in link in Microsoft Teams.
4. After a successful OAuth2-Authentication the login window will be closed bot not redirected to the passed finalRedirect URL.

Expected behavior

After a successfull OAuth2-Authentication the Browser in the login window should be finally redirected to the passed finalRedirect URL.

[anishprasad01]

Thank you for the report. I will investigate.

[anishprasad01]

Hi @dhoelzl,

Could you tell me a bit more about how you implemented the search extension? Did you make use of the sample?

[dhoelzl]

Thank you for the reply!

I based my project on the Hello World example (https://github.com/OfficeDev/msteams-samples-hello-world-nodejs).

For the authentication flow I did not use a sample, just the API documentation.

I do not use UserTokenClientKey.getSignInResource to get the sign in link (as it is used in the example you mentioned). The API which I use is BotFrameworkAdapter.getSignInLink: https://docs.microsoft.com/en-us/javascript/api/botbuilder/botframeworkadapter?view=botbuilder-ts-latest#botbuilder-botframeworkadapter-getsigninlink

These steps are executed in MessageExtension.handleTeamsMessagingExtensionQuery:

• I use BotFrameworkAdapter.getUserToken to retrieve the token in the search extension, once the user has authenticated.
• When there is no token, I use BotFrameworkAdapter.getSignInLink to generate a sign in link which is returned.
• When there is a token I then make an authenticated call against our custom service where the search query is sent to.
• With the response of this request the search result JSON response is built and returned.

As the service to authenticate against is our own custom service (which supports OAuth2 authentication), I use the "OAuth2 Generic Provider" configuration scheme.

[anishprasad01]

There's a bit of a disconnect here. You're effectively trying to merge Teams application development with Bot Framework development, and it's not meant to go together in this manner, which is likely causing your issues.

I would recommend reading the Teams application development docs, the Bot Framework docs, and taking a look at the Bot Framework Teams samples to understand the pros and cons of either building a Teams app or creating a Bot Framework bot using the Teams channel as it relates to the type of bot you are attempting to build and the environment in which you wish to deploy it. The samples in particular are a good resource, as there are several relating to Teams.

Given the above, I am going to close this issue. However, if you choose a Bot Framework bot and you encounter a bug or have a feature request, please feel free to open a new issue in the appropriate repository and we would be happy to give you a hand.

[dhoelzl]

Hello!

I am a bit confused. I thought that the Bot Framework is an essential part of the Teams application development system? All documentation says that if you want to build a messaging extension you need to register a Bot. What exactly is your recommended way to do this?

What I need is a teams application with a messaging extension (search) which requires authentication to an external custom service.

Thank you and regards, Dominik

[anishprasad01]

That may be true for messaging extensions, but not all Teams applications are bots.

My recommendation would be to start with this sample It shows you how to implement a basic Teams search messaging extension with AADv2 auth. From there, I would modify it to use a Generic OAuth login scheme instead of AAD. The basic Teams auth sample along with the documentation would be helpful for that.