Authentication Bot Utilizing MS Graph

Bot Framework v4 bot authentication using Microsoft Graph sample.

This bot has been created using Bot Framework; it shows how to use the bot authentication capabilities of Azure Bot Service. In this sample we assume the OAuth 2 provider is Azure Active Directory v2 (AADv2) and use the Microsoft Graph API to retrieve data about the user. Check here for information about getting an AADv2 application set up for use in Azure Bot Service. The scopes used in this sample are the following:

  • openid
  • profile
  • User.Read

NOTE: Microsoft Teams currently differs slightly in the way auth is integrated with the bot. Refer to sample 46.teams-auth.

This sample is a Spring Boot app and uses the Azure CLI and azure-webapp Maven plugin to deploy to Azure.

Prerequisites

  • Java 1.8+
  • Install Maven
  • An account on Azure if you want to deploy to Azure.
  • Update application.properties with required configuration settings
    • MicrosoftAppId
    • MicrosoftAppPassword
    • ConnectionName

To try this sample

  • From the root of this project folder:
    • Build the sample using mvn package
    • Run it by using java -jar .\target\bot-authentication-msgraph-sample.jar

Testing the bot using Bot Framework Emulator

Microsoft Bot Framework Emulator is a desktop application that allows bot developers to test and debug their bots on localhost or running remotely through a tunnel.

  • Install the latest Bot Framework Emulator from here
  • In Bot Framework Emulator Settings, enable Use a sign-in verification code for OAuthCards to receive the magic code

Connect to the bot using Bot Framework Emulator

  • Launch Bot Framework Emulator
  • File -> Open Bot
  • Enter a Bot URL of http://localhost:3978/api/messages

Interacting with the bot

This sample uses the bot authentication capabilities of Azure Bot Service, providing features to make it easier to develop a bot that authenticates users to various identity providers such as Azure AD (Azure Active Directory), GitHub, Uber, and so on. These updates also take steps towards an improved user experience by eliminating the magic code verification for some clients and channels. It is important to note that the user's token does not need to be stored in the bot. When the bot needs to use or verify the user has a valid token at any point the OAuth prompt may be sent. If the token is not valid they will be prompted to login.
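The flow described above, as an added example that is not the sample's own code: a ComponentDialog that runs an OAuthPrompt for the connection named in application.properties, uses the returned token for the current turn only to call Microsoft Graph /me, and never writes the token to bot state. It assumes the Bot Framework Java SDK 4.x (bot-dialogs) and msgraph-sdk-java 2.x APIs; the dialog and class names are made up for the example.

```java
// Added example (not the sample's own code): obtain the user's token with an
// OAuthPrompt and call Microsoft Graph /me with it. Assumes Bot Framework
// Java SDK 4.x (bot-dialogs) and msgraph-sdk-java 2.x; the connection name
// is the ConnectionName value from application.properties.
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CompletableFuture;

import com.microsoft.bot.dialogs.ComponentDialog;
import com.microsoft.bot.dialogs.DialogTurnResult;
import com.microsoft.bot.dialogs.WaterfallDialog;
import com.microsoft.bot.dialogs.WaterfallStep;
import com.microsoft.bot.dialogs.WaterfallStepContext;
import com.microsoft.bot.dialogs.prompts.OAuthPrompt;
import com.microsoft.bot.dialogs.prompts.OAuthPromptSettings;
import com.microsoft.bot.schema.TokenResponse;
import com.microsoft.graph.models.extensions.IGraphServiceClient;
import com.microsoft.graph.models.extensions.User;
import com.microsoft.graph.requests.extensions.GraphServiceClient;

public class GraphProfileDialog extends ComponentDialog {
    private static final String OAUTH_PROMPT = "OAuthPrompt";
    private static final String WATERFALL = "GraphProfileWaterfall";

    public GraphProfileDialog(String connectionName) {
        super("GraphProfileDialog");

        OAuthPromptSettings settings = new OAuthPromptSettings();
        settings.setConnectionName(connectionName); // ConnectionName from application.properties
        settings.setText("Please sign in to read your profile");
        settings.setTitle("Sign In");
        settings.setTimeout(300000); // the sign-in card expires after 5 minutes

        List<WaterfallStep> steps = new ArrayList<>();
        steps.add(this::promptStep);
        steps.add(this::profileStep);

        addDialog(new OAuthPrompt(OAUTH_PROMPT, settings));
        addDialog(new WaterfallDialog(WATERFALL, steps));
        setInitialDialogId(WATERFALL);
    }

    // Step 1: ask Azure Bot Service for a token. If the service already holds a
    // valid token for this user and connection, the prompt completes without
    // showing a sign-in card; otherwise the user is asked to log in.
    private CompletableFuture<DialogTurnResult> promptStep(WaterfallStepContext stepContext) {
        return stepContext.beginDialog(OAUTH_PROMPT);
    }

    // Step 2: use the token for this turn only. It is never stored in bot state,
    // so a later turn that needs it simply runs the OAuthPrompt again.
    private CompletableFuture<DialogTurnResult> profileStep(WaterfallStepContext stepContext) {
        TokenResponse tokenResponse = (TokenResponse) stepContext.getResult();
        if (tokenResponse == null || tokenResponse.getToken() == null) {
            return stepContext.getContext()
                .sendActivity("Login was not successful, please try again.")
                .thenCompose(resourceResponse -> stepContext.endDialog());
        }

        User me = getMe(tokenResponse.getToken());
        return stepContext.getContext()
            .sendActivity("You are " + me.displayName + " (" + me.userPrincipalName + ")")
            .thenCompose(resourceResponse -> stepContext.endDialog());
    }

    // GET https://graph.microsoft.com/v1.0/me with the user's token as a bearer
    // token. Needs the User.Read scope listed in this README; the token is only
    // ever placed in the Authorization header, never logged or persisted.
    static User getMe(String token) {
        IGraphServiceClient client = GraphServiceClient.builder()
            .authenticationProvider(request -> request.addHeader("Authorization", "Bearer " + token))
            .buildClient();
        return client.me().buildRequest().get();
    }
}
```

The bot's turn handler would add this dialog to its DialogSet and run it on each message; because the token lives only in the Azure Bot Service token store, the bot process holds nothing that would need protecting at rest, and a revoked or expired token shows up as a fresh sign-in card rather than a silent failure.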

Microsoft Graph API

This sample demonstrates using Azure Active Directory v2 as the OAuth2 provider and utilizes the Microsoft Graph API. Microsoft Graph is a Microsoft developer platform that connects multiple services and devices. Initially released in 2015, the Microsoft Graph builds on Office 365 APIs and allows developers to integrate their services with Microsoft products including Windows, Office 365, and Azure.

Deploy the bot to Azure

As described on Deploy your bot, you will perform the first 4 steps to set up the Azure app, then deploy the code using the azure-webapp Maven plugin.

1. Login to Azure

From a command (or PowerShell) prompt in the root of the bot folder, execute:
az login

2. Set the subscription

az account set --subscription "<azure-subscription>"

If you aren't sure which subscription to use for deploying the bot, you can view the list of subscriptions for your account by using the az account list command.

3. Create an App registration

az ad app create --display-name "<botname>" --password "<appsecret>" --available-to-other-tenants

Replace <botname> and <appsecret> with your own values.

<botname> is the unique name of your bot.
<appsecret> is a password for your bot of at least 16 characters.

Record the appId from the returned JSON; it is needed in the following steps.

4. Create the Azure resources

Replace the values for <appid>, <appsecret>, <botname>, and <groupname> in the following commands:

To a new Resource Group

az deployment sub create --name "authenticationBotDeploy" --location "westus" --template-file ".\deploymentTemplates\template-with-new-rg.json" --parameters appId="<appid>" appSecret="<appsecret>" botId="<botname>" botSku=S1 newAppServicePlanName="authenticationGraphBotPlan" newWebAppName="authenticationGraphBot" groupLocation="westus" newAppServicePlanLocation="westus" 

To an existing Resource Group

az deployment group create --resource-group "<groupname>" --template-file ".\deploymentTemplates\template-with-preexisting-rg.json" --parameters appId="<appid>" appSecret="<appsecret>" botId="<botname>" newWebAppName="authenticationGraphBot" newAppServicePlanName="authenticationGraphBotPlan" appServicePlanLocation="westus" --name "authenticationGraphBot"

5. Update app id and password

In src/main/resources/application.properties update

  • MicrosoftAppPassword with the <appsecret> value
  • MicrosoftAppId with the appId returned when you created the App registration

6. Deploy the code

  • Execute mvn clean package
  • Execute mvn azure-webapp:deploy -Dgroupname="<groupname>" -Dbotname="<bot-app-service-name>"

If the deployment is successful, you will be able to test it via "Test in Web Chat" from the Azure Portal using the "Bot Channel Registration" for the bot.

After the bot is deployed, you only need to repeat step 6 when you make changes to the bot.

GraphError 404: ResourceNotFound, Resource could not be discovered

This error may confusingly present itself if either of the following are true:

  • You're using an email ending in @microsoft.com, and/or
  • Your OAuth AAD tenant is microsoft.onmicrosoft.com.

Further reading