Closed sandrock closed 10 months ago
Thanks @sandrock, I'm investigating.
I created a new app (AAD app + azure bot + teams manifest) again and the same issue occurs.
This appears to be services issues. I will notify the services team about this issue for further investigation.
Also, what is your Azure Bot Region location?
CC @boydc2014.
The OAuthPrompt.SendOAuthCardAsync
method intermittently fails due to an endpoint error.
Could you please assist us in investigating this issue from the services side?
Thank you.
This appears to be services issues. I will notify the services team about this issue for further investigation.
Thanks.
Also, what is your Azure Bot Region location?
When creating the bot, I chose "West Europe".
Hi @sandrock,
For "West Europe" bots, there may be additional configurations for the OAuth. I wonder if this issue might be related to https://github.com/microsoft/botbuilder-js/issues/4418#issuecomment-1437471789
For a dotnet bot project, could you please add the following additional configurations to see if it resolves this issue:
"BotOpenIdMetadata": "https://login.botframework.com/v1/.well-known/openidconfiguration",
"ValidateAuthority": "true",
"ToChannelFromBotLoginUrl": "https://login.microsoftonline.com/botframework.com",
"ToChannelFromBotOAuthScope": "https://api.botframework.com",
"ToBotFromChannelTokenIssuer": "https://api.botframework.com",
"OAuthApiEndpoint": "https://europe.api.botframework.com",
"ToBotFromChannelOpenIdMetadataUrl": "https://login.botframework.com/v1/.well-known/openidconfiguration",
"ToBotFromEmulatorOpenIdMetadataUrl": "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration",
"CallerId": "urn:botframework:azure"
Example:
Hi. I tried the configuration bit. The bot fails 100% of times with this issue:
fail: Microsoft.AspNetCore.Server.Kestrel[13] Connection id "0HMRSHJMS20RP", Request id "0HMRSHJMS20RP:00000002": An unhandled exception was thrown by the application. System.ArgumentNullException: Value cannot be null. (Parameter 'uriString') at System.Uri..ctor(String uriString) at Microsoft.Bot.Connector.Authentication.UserTokenClientImpl..ctor(String appId, ServiceClientCredentials credentials, String oauthEndpoint, HttpClient httpClient, ILogger logger) at Microsoft.Bot.Connector.Authentication.ParameterizedBotFrameworkAuthentication.CreateUserTokenClientAsync(ClaimsIdentity claimsIdentity, CancellationToken cancellationToken) at Microsoft.Bot.Builder.CloudAdapterBase.ProcessActivityAsync(AuthenticateRequestResult authenticateRequestResult, Activity activity, BotCallbackHandler callback, CancellationToken cancellationToken) at Microsoft.Bot.Builder.CloudAdapterBase.ProcessActivityAsync(String authHeader, Activity activity, BotCallbackHandler callback, CancellationToken cancellationToken) at Microsoft.Bot.Builder.Integration.AspNet.Core.CloudAdapter.ProcessAsync(HttpRequest httpRequest, HttpResponse httpResponse, IBot bot, CancellationToken cancellationToken) at TeamsBot.Controllers.BotController.PostAsync() in BotController.cs:line 37
Quick analysis:
oauthEndpoint
. Seems to be empty. ParameterizedBotFrameworkAuthentication._oAuthUrl
Hi @sandrock,
I was able to reproduce this issue and confirm this issue only occurs for Azure bots with region set to West Europe
.
I resolved this issue by adding the following configuration to appsettings.json:
"OAuthUrl": "https://europe.api.botframework.com",
"BotOpenIdMetadata": "https://login.botframework.com/v1/.well-known/openidconfiguration",
"ValidateAuthority": "true",
"ToChannelFromBotLoginUrl": "https://login.microsoftonline.com/botframework.com",
"ToChannelFromBotOAuthScope": "https://api.botframework.com",
"ToBotFromChannelTokenIssuer": "https://api.botframework.com",
"ToBotFromChannelOpenIdMetadataUrl": "https://login.botframework.com/v1/.well-known/openidconfiguration",
"ToBotFromEmulatorOpenIdMetadataUrl": "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration",
"CallerId": "urn:botframework:azure"
Also for West Europe bots, please make sure the Azure Bot Redirect URI is set to: https://europe.token.botframework.com/.auth/web/redirect
Example:
Output:
@sandrock, could you please try adding the updated configuration values in appsettings.json to see if that address the issue?
Hi @sandrock, any status updates?
Hi, I am solving the issue with a Microsoft Support Engineer.
We are trying configuration changes, the like you are providing, but to no avail as of now.
I will post an update here when the issue is solved.
Closing due to inactivity. Please reopen if further assistance is needed.
Hey together, I'm facing right now the same issue, but using TypeScript. The Azure Bot service is also deployed in West Europe. Is there a solution for JavaScript / TypeScript available?
The redirect URL is already setup to https://europe.token.botframework.com/.auth/web/redirect
Hi.
The issue was partially solved on my side with the help of a member of the Bot Framework support engineer.
The configuration thing above was required. Also, the redirect URL needed to be set in the Azure app registration.
Then we ran into an issue with the Teams user consent popup. It did not work properly. The callback on the continue button was never received into the bot. Fixing this would involve opening an issue at the Teams support; which we did not do. Do you think that this is your current issue?
Instead, we used the "grant Admin consent for organization" to skip user consent in teams (a button somewhere in Azure App Registration). In my bot, I do user consent in-dialog.
Hey @sandrock ,
thanks for the quick response. We are not using .Net but TypeScript for our bot. Even when using the configuration above as well as the redirect URL it is still not working. Just opened a ticket @ MS to receive some support.
In Teams, we are not receiving anything. Not even a card. The dialog status just stays at "WAITING". When trying to run it locally using the Bot Framework Emulator, we receive the login card. However, in the inspector of the Emulator, is stating now:
[15:18:07]Failed to generate an actual sign-in link: Error: Not Found [15:18:07]Falling back to emulated OAuth token.
Hope to find the root cause of this quickly.
Just to add to this, I have been developing a teams bot in C# based on one of the samples and it used OAuth authentication, this has been working fine for about a month.
Yesterday all of a sudden this stopped working and I'm getting 404 errors when showing the OAuthPrompt :
The OAuth prompt trying to retrieve the token:
https://api.botframework.com/api/usertoken/GetToken?userId=
And then because of the 404 error trying to get the token, then trying to get the sign in resources:
https://api.botframework.com/api/botsignin/GetSignInResource?state=
I tried everything, but just now created a new app registration and bot from scratch in the azure portal, this time instead of "West Europe" for the bot I chose "Global". I linked the bot up with my sample application and it works again as expected.
Edit: I just re-created a new bot with West Europe as the location the bot failed as above, I then deleted the bot and created one with "Global" and it worked. There is surely something wrong here from MS end?
This is definitely an issue Microsfts end as the app works fine with the new bot and nothing else has changed at all.
Version
What package version of the SDK are you using.
Describe the bug
The endpoint
https://api.botframework.com/api/botsignin/GetSignInResource
intermittently fails and returns a 404 with this message:To Reproduce
I created a project based on the teams authentication sample. The bot tries to ask the user for authentication using the
OAuthPrompt.SendOAuthCardAsync
method. The endpoint fails ~95% of times. Sources and extra info here.Expected behavior
The endpoint succeeds a few times a day. Meaning the request might be okay. I think the endpoint has a problem.
Screenshots
Additional context
I created this stackoverflow post: BotFramework-Teams-Authentication issue
GetSignInResource
fails often but it says that stackoverflow is more for "how-tos". Considering the problem is a bug, I think it is better to post it here.Tracking Status
Dotnet SDK [TODO]()
Javascript SDK [TODO]()
Python SDK [TODO]()
Java SDK [TODO]()
Samples [TODO]()
Docs [TODO]()
Tools [TODO]()