Teams Bot with SSO using Bot Framework v4.
This bot has been created using Bot Framework, it shows how to get started with SSO in a bot for Microsoft Teams.
The focus of this sample is how to use the Bot Framework support for OAuth SSO in your bot. Teams behaves slightly differently than other channels in this regard. Specifically an Invoke Activity is sent to the bot rather than the Event Activity used by other channels. This Invoke Activity must be forwarded to the dialog if the OAuthPrompt is being used. This is done by subclassing the ActivityHandler and this sample includes a reusable TeamsActivityHandler. This class is a candidate for future inclusion in the Bot Framework SDK.
The sample uses the bot authentication capabilities in Azure Bot Service, providing features to make it easier to develop a bot that authenticates users to various identity providers such as Azure AD (Azure Active Directory), GitHub, Uber, etc. The OAuth token is then used to make basic Microsoft Graph queries.
IMPORTANT: The manifest file in this app adds "token.botframework.com" to the list of
validDomains
. This must be included in any bot that uses the Bot Framework OAuth flow.
- Microsoft Teams is installed and you have an account (not a guest account)
- NodeJS
- ngrok or equivalent tunneling solution
- M365 developer account or access to a Teams account with the appropriate permissions to install an app.
Note these instructions are for running the sample on your local machine, the tunnelling solution is required because the Teams service needs to call into the bot.
Refer to Bot SSO Setup document.
Update the appsettings.json
configuration for the bot to use the Microsoft App Id and App Password from the Bot Framework registration. (Note the MicrosoftAppId is the AppId created in step 1.1, the MicrosoftAppPassword is referred to as the "client secret" in step1.2 and you can always create a new client secret anytime.)
-
Clone the repository
git clone https://github.com/OfficeDev/Microsoft-Teams-Samples.git
-
If you are using Visual Studio
- Launch Visual Studio
- File -> Open -> Project/Solution
- Navigate to
samples/bot-conversation-sso-quickstart/csharp_dotnetcore
folder - Select
TeamsAuth.csproj
file - Press
F5
to run this project
-
Using App Studio
- Open your app in App Studio's manifest editor.
- Open the Bots page under Capabilities.
- Choose Setup, then choose the existing bot option. Enter your AAD app registration ID from step 1.1. Select any of the scopes you wish to have the bot be installed.
- Open Domains and permissions from under Finish. Enter the same ID from the step above in AAD App ID, then and append it to "api://botid-" and enter the URI into Single-Sign-On.
- Open Test and distribute, then select Install.
-
Manually update the manifest.json
- Edit the
manifest.json
contained in theappPackage/
folder to replace with your MicrosoftAppId (that was created in step1.1 and is the same value of MicrosoftAppId inappsettings.json
file) everywhere you see the place holder string{TODO: MicrosoftAppId}
(depending on the scenario the Microsoft App Id may occur multiple times in themanifest.json
). TheConnectionName
is the name of OAuth Connection you configured in step3. - Zip up the contents of the
appPackage/
folder to create amanifest.zip
- Upload the
manifest.zip
to Teams (in the left-bottom Apps view, click "Upload a custom app")
- Edit the
You can interact with this bot by sending it a message. The bot will respond by asking for your consent, by this consent the Bot will exchange an SSO token, then making a call to the Graph API on your behalf and returning the results. It will keep you loggined unless you send a message "logout".
- Bot Framework Documentation
- Bot Basics
- Azure Portal
- Add Authentication to Your Bot Via Azure Bot Service
- Activity processing
- Azure Bot Service Introduction
- Azure Bot Service Documentation
- .NET Core CLI tools
- Azure CLI
- Azure Portal
- Language Understanding using LUIS
- Channels and Bot Connector Service
- Microsoft Teams Developer Platform