microsoft / botframework-sdk

Bot Framework provides the most comprehensive experience for building conversation applications.
MIT License

Token Service returning 404 on GetToken when using Keycloak, works with ADv2 #6633

Open atmoraes1 opened 6 months ago

atmoraes1 commented 6 months ago

I have an issue with the bot framework for C# where the GetToken endpoint returns 404.

I am posting here because my question on SO didn't get any replies in half a month: https://stackoverflow.com/questions/77827681/bot-framework-c-sharp-not-generating-storing-oauth2-tokens-in-the-token-service

By looking at the Keycloak tracing logs I can see the Token endpoint being called with the refresh token and no errors show up.

As the GetToken endpoint does not return any information on why the token couldn't be retrieved (debugged the package source code), how can I evaluate that problem properly?

atmoraes1 commented 4 months ago

Well, after some extensive troubleshooting, we've managed to pinpoint the issue.

Azure Portal requires you to enter a Client Secret, so one thinks, OK, let me configure my IdP Client to be a confidential app and have a secret. But the Token Service NEVER sends the secret when starting the flow. Keycloak, acting correctly, returns an error stating that the Client is confidential and a secret must be provided; in the end, the Token Service returns 404 without any information.

To me, the components are not properly aligned/documented. Furthermore, the refresh token endpoint also has the same problem: we should provide it, but the Token Service doesn't refresh tokens. I've opened another issue for that: https://github.com/microsoft/botframework-sdk/issues/6634.
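A diagnostic for the situation described in this thread, added here as an example and not taken from the issue or from the Bot Framework code: given a token request captured at the IdP (for instance from trace logs), it reports which OAuth2 client authentication method the request carries, so a missing secret is visible even when the caller only surfaces a 404. The function names, the client ID `my-bot` and all request values are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs


def client_auth_method(headers: dict, body: str) -> str:
    """Classify how a captured token request authenticates the client."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    scheme, _, cred = hdrs.get("authorization", "").partition(" ")
    if scheme.lower() == "basic" and cred:
        try:
            decoded = base64.b64decode(cred, validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            return "malformed_basic"
        _client_id, sep, secret = decoded.partition(":")
        if sep and secret:
            return "client_secret_basic"   # secret in Authorization header
    form = parse_qs(body, keep_blank_values=True)
    if form.get("client_secret", [""])[0]:
        return "client_secret_post"        # secret in the form body
    if form.get("client_assertion", [""])[0]:
        return "client_assertion"          # signed JWT instead of a secret
    return "none"                          # only acceptable for public clients


def missing_client_auth(headers: dict, body: str, confidential: bool) -> bool:
    """True when a confidential client sent no usable client authentication."""
    return confidential and client_auth_method(headers, body) in ("none", "malformed_basic")


# Constructed sample requests (refresh_token grant against a confidential client).
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
NO_SECRET = (FORM, "grant_type=refresh_token&refresh_token=constructed-rt&client_id=my-bot")
POST_SECRET = (FORM, NO_SECRET[1] + "&client_secret=constructed-secret")
BASIC_SECRET = (
    {**FORM, "Authorization": "Basic "
     + base64.b64encode(b"my-bot:constructed-secret").decode()},
    "grant_type=refresh_token&refresh_token=constructed-rt",
)

if __name__ == "__main__":
    for name, (h, b) in [("no secret", NO_SECRET), ("post", POST_SECRET),
                         ("basic", BASIC_SECRET)]:
        print(f"{name:10} -> {client_auth_method(h, b)}, "
              f"missing auth: {missing_client_auth(h, b, confidential=True)}")
```
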