Github issues should be used for bugs and feature requests. Use Stack Overflow for general "how-to" questions.
Version
4.22.2 DotNet C#
Describe the bug
I'm trying to set up SSO for my bot and a website.
The website is an Azure Web App that already has its own AAD Auth Set up.
The bot is hosted on Azure and also uses AAD. Auth is already working with the OAuthCard and Sign In button.
The idea is to keep users from having to authenticate 2 times, one for the website and another for the embedded bot. From what I've read with SSO I can pass the auth token that I received from the website to the bot and the bot will exchange this token for one of its own. Everything on behalf of the user.
This is what I've done so far:
Bot's App Registration
I have "Exposed an API" and created a scope: MY_BOTS_API/customScope
I have added the Web App Id to the list of Authorized Clients.
Bot Service
On the Configuration section I set up an OAuth 2 Connection with:
Tested Connection from the portal and it works, I get a token.
Web App
I authenticate against my Web App's AAD endpoint using MSAL with SCOPE = "MY_BOTS_API/CUSTOM_SCOPE" and get an AccessToken1. I can see that the aud claim matches the one I set on my Connection's Token Exchange URL.
Using the react web chat I intercept the OAuth Card TokenExchangeResource
Reply with an Invoke TokenExchangeRequest and pass in the AccessToken1
Using the C# debugger, I can see that my bot does receive the request, however the exchange fails with a 500 error. Specifically, the error occurs at the ExchangeTokenAsync(turnContext, settings.ConnectionName, turnContext.Activity.From.Id, tokenExchangeRequest, cancellationToken) call.
Looking deeper I can see that the actual error occurs on the following REST API call:
REQUEST
Which returns the following error:
RESPONSE
What can be going on?
To Reproduce
Reproducing the exact thing might be tricky as it's tied to my own configuration. But following the explanation above with two other app registrations might work.
Expected behavior
I expect the TokenExchangeRequest to work, meaning the bot's OAuthCard is skipped as the user will be already authenticated.
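A client-side preflight for the flow described in this issue, added here as an example (it is not code from the issue, the reporter or the Bot Framework SDK): before replying to the OAuthCard, it checks the web app token's `aud`, `scp` and `exp` claims and only then builds the token exchange invoke. The function names, the placeholder audience and scope values, and the invoke shape (`signin/tokenExchange` carrying `id`, `connectionName` and `token`) are assumptions of this example.

```javascript
// Added troubleshooting example; not code from the issue or the Bot Framework SDK.
// Decodes the JWT payload WITHOUT verifying its signature (diagnostics only;
// the token service performs the real validation).
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('expected a compact JWT with 3 segments');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// expectedAudience: the value configured as the connection's Token Exchange URL.
// expectedScope: the scope name exposed on the bot's app registration.
function checkTokenForExchange(token, expectedAudience, expectedScope, nowSec) {
  const claims = decodeJwtPayload(token);
  const problems = [];
  const audiences = [].concat(claims.aud === undefined ? [] : claims.aud);
  if (!audiences.includes(expectedAudience)) {
    problems.push(`aud ${JSON.stringify(claims.aud)} != ${expectedAudience}`);
  }
  const scopes = String(claims.scp || '').split(' ').filter(Boolean);
  if (!scopes.includes(expectedScope)) {
    problems.push(`scp "${claims.scp || ''}" lacks ${expectedScope}`);
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    problems.push('token expired or exp claim missing');
  }
  return problems;
}

// Builds the signin/tokenExchange invoke from the OAuthCard content, refusing
// to send a token that fails the checks above.
function buildTokenExchangeInvoke(cardContent, token, expectedAudience, expectedScope, nowSec) {
  const problems = checkTokenForExchange(token, expectedAudience, expectedScope, nowSec);
  if (problems.length) throw new Error('token not suitable: ' + problems.join('; '));
  const { connectionName, tokenExchangeResource: { id } } = cardContent;
  return { type: 'invoke', name: 'signin/tokenExchange', value: { id, connectionName, token } };
}

// Constructed sample token (unsigned, placeholder values) for an offline run.
function makeSampleToken(claims) {
  const enc = o => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.sig`;
}

// Constructed case: token issued for a different audience than the connection expects.
const sample = makeSampleToken({ aud: 'api://wrong-app', scp: 'customScope', exp: 2000000000 });
console.log(checkTokenForExchange(sample, 'api://example-bot', 'customScope', 1700000000));
```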