1

I'm creating a Microsoft Teams bot that will allow a user to log in with a third-party OAuth and make authenticated requests to a non-Microsoft web service. I am able to use an OAuthPrompt to log in with my third-party OAuth provider, using a connection set up in Azure Bot Services. When I authenticate, I receive a guid which is presumably a key that corresponds to my OAuth token in the Bot Framework Token Service.

I am unclear on how to use this guid to make authenticated requests against my web service. The documentation states (emphasis mine):

To perform certain operations on behalf of a user ... the bot will need to call an external service, such as the Microsoft Graph, GitHub, or a company's REST service. Each external service has a way of securing those calls, and a common way to secure such a call is to issue those requests using a user token that uniquely identifies the user on that external service (sometimes referred to as a JWT).

This documentation indicates to me that it should be possible to make authenticated requests to my web service via the Bot Token Framework Service or that it should be possible to retrieve my OAuth token to make authenticated requests directly to my service from my bot. I cannot find any example of anyone doing this, and have spent days looking through documentation and the botbuilder source repositories.

The bot should respond to messages or actions from the user with results from the web service. For example, if a user pastes a link to a specific web page that is not available unless logged in, the bot will create a link preview of that page using the user's OAuth identity and send it to the conversation.

I am using Bot Builder v4 and the Bot Framework Emulator.

garie
  • Were you able to get this working with my answer? If so, please "accept" and upvote it so others can quickly find the answer and I can clear this from my support tracker. If not, let me know how else I can help! – mdrichardson Sep 26 '19 at 15:36
  • Not exactly - I emailed you and we worked it out there. I'll add a comment to your answer. – garie Oct 01 '19 at 14:46

1 Answer

2

You can absolutely do this. I'll point you to the right documentation to look at.

First, you'll want to use the Teams OAuth Sample. I've got a PR in place to add instructions for getting it to work properly, but the gist of it is:

  1. Add Authentication to your Bot
  2. Add your OAuth Connection Name to the ConnectionName key in appsettings.json (along with appid/password)
  3. Enable the Teams Channel
  4. Install your Bot to Teams via App Studio, ensuring that you've added token.botframework.com to the Valid Domains (Note: In App Studio, this is in Manifest Editor > Your App > Domains and Permissions)

Once authenticated, it will return a token and will validate it for each message. If you have a specific OAuth provider that isn't listed in the OAuth Settings blade in the Azure Portal, and if they have a free trial, let me know and I can help you test it. The key is that after you enter the settings, you save and click the "Test" button to make sure it works in the Azure Portal before adding it to your bot.

mdrichardson
  • I followed these instructions (again) and had the same problem. I was able to get this working only by creating my App Registration ([docs](https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=csharp%2Cbot-oauth)) again. I believe the first time, the app was created within the Teams Mac desktop app's App Studio. – garie Oct 01 '19 at 14:50
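As an added example (not part of the answer or of the Teams OAuth sample), this Bot Builder v4 dialog takes the `TokenResponse` that `OAuthPrompt` returns and uses it as a bearer token against the third-party service. The class name `ServiceCallDialog`, the host `service.example` and the path `api/preview` are hypothetical, and it assumes the service accepts the OAuth access token in an `Authorization: Bearer` header.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Bot.Builder;
using Microsoft.Bot.Builder.Dialogs;
using Microsoft.Bot.Schema;

public class ServiceCallDialog : ComponentDialog
{
    // Assumption: placeholder HTTPS base address of the third-party web service.
    private static readonly HttpClient Http = new HttpClient { BaseAddress = new Uri("https://service.example/") };

    public ServiceCallDialog(string connectionName) : base(nameof(ServiceCallDialog))
    {
        AddDialog(new OAuthPrompt(nameof(OAuthPrompt), new OAuthPromptSettings
        {
            ConnectionName = connectionName, // the ConnectionName value from appsettings.json
            Text = "Please sign in to continue.",
            Timeout = 300000, // milliseconds the prompt waits for the sign-in to finish
        }));
        AddDialog(new WaterfallDialog(nameof(WaterfallDialog),
            new WaterfallStep[] { PromptAsync, CallServiceAsync }));
        InitialDialogId = nameof(WaterfallDialog);
    }

    private static Task<DialogTurnResult> PromptAsync(WaterfallStepContext step, CancellationToken ct)
        => step.BeginDialogAsync(nameof(OAuthPrompt), null, ct);

    private static async Task<DialogTurnResult> CallServiceAsync(WaterfallStepContext step, CancellationToken ct)
    {
        // OAuthPrompt returns a TokenResponse on success and null on failure or timeout.
        var token = step.Result as TokenResponse;
        if (string.IsNullOrEmpty(token?.Token))
        {
            await step.Context.SendActivityAsync(MessageFactory.Text("Sign-in failed."), ct);
            return await step.EndDialogAsync(cancellationToken: ct);
        }
        // Hypothetical endpoint. The token goes only into this request's header.
        using (var request = new HttpRequestMessage(HttpMethod.Get, "api/preview"))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Token);
            var response = await Http.SendAsync(request, ct);
            var reply = response.IsSuccessStatusCode
                ? await response.Content.ReadAsStringAsync()
                : $"Service returned {(int)response.StatusCode}.";
            await step.Context.SendActivityAsync(MessageFactory.Text(reply), ct);
        }
        return await step.EndDialogAsync(cancellationToken: ct);
    }
}
```

The token is never echoed into the conversation or written to logs, and the request target is a fixed host rather than a URL taken from the user's message.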