
I am using the latest MS Teams toolkit 4.1.3. After I used the two deployment options "Provision in the cloud" and "Deploy to the cloud" to deploy my SSO-enabled bot to Azure and AAD, I don't see that any "OAuth Connection Settings" were included in the Azure Bot Service created by the toolkit (see screenshot below). Based on Enable SSO for your app, we need to configure an OAuth Connection setting for SSO to work for a bot. Can anyone explain whether MS Teams toolkit is using a different approach for SSO? Is an OAuth connection still required for an MS Teams bot with SSO?

Another question is that the toolkit created two AAD applications for my bot application. One is for the MS Teams app (Toolkit-tabsso(dev)-aad) and the other one (tabbtssobt65a851) is for the bot itself. When I checked toolkit-tabsso(dev)-aad's application ID URL, why did it point to the bot's AAD app instead of itself?

Verona Chen

1 Answer

If you are only trying to obtain the currently logged-in Teams user's identity, there's a way to do the SSO flow without setting up OAuth Connections. TeamsFx has a layer of SDK that handles token exchange and SSO prompts. You could refer to this sample, available in the Teams Toolkit Sample Gallery as well. This sample implements the SSO flow and makes a Graph API call to retrieve the user's profile photo.

Junjie Li
  • Hi Junjie, thanks for your note. One thing I don't understand is that OAuth connections are also for token exchange purposes. I went through the sso-bot sample which you provided. The approach the sample used can literally get a token for different permissions as long as you added it to the "API Permissions" definition of your AAD app (the MS Teams app you built). If that's the case, why does the document still mention OAuth Connections? I wish we could have a better doc that mentions that. Thanks – Verona Chen Dec 10 '22 at 06:52