Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[sso-with-skills] Authorizartion issues #3808

Closed
JFolberth opened this issue Aug 15, 2022 · 5 comments
Closed

[sso-with-skills] Authorizartion issues #3808

JFolberth opened this issue Aug 15, 2022 · 5 comments
Assignees
Labels
Bot Services Required for internal Azure reporting. Do not delete. Do not change color. customer-replied-to Indicates that the team has replied to the issue reported by the customer. Do not delete. customer-reported Issue is created by anyone that is not a collaborator in the repository.

Comments

@JFolberth
Copy link

Github issues for C# /JS / Java/ Python should be used for bugs and feature requests. Use Stack Overflow for general "how-to" questions.

Sample information

  1. Sample type: [\samples\experimental\sso-with-skills]
  2. Sample language: [dotnetcore]
  3. Sample name: SSO with Simple Skill Consumer and Skill

Describe the bug

Have a customer who is receiving "StatusCode": 401, "RawResponseBody": "{\"error\":{\"code\":\"InvalidAuthenticationToken\",\"message\":\"Access token validation failure. Invalid audience

I am walking through the repo and getting "Microsoft.Bot.Schema.ErrorResponseException: Operation returned an invalid status code Unauthorized at Microsoft.Bot.Connector.UserToken.GetTokenWithHttpMessagesAsync(String userId, String connectionName, String channelId, String code, Dictionary 2 customHeaders, CancellationToken cancellationToken) at Microsoft.Bot.Connector.UserTokenExtensions.GetTokenAsync(IUserToken operations, String userId, String connectionName, String channelId, String code, CancellationToken cancellationToken) at Microsoft.Bot.Builder.BotFrameworkAdapter.GetUserTokenAsync(ITurnContext turnContext, AppCredentials oAuthAppCredentials, String connectionName, String magicCode, CancellationToken cancellationToken) at Microsoft.Bot.Builder.Dialogs.UserTokenAccess.GetUserTokenAsync(ITurnContext turnContext, OAuthPromptSettings settings, String magicCode, CancellationToken cancellationToken) at Microsoft.Bot.Builder.Dialogs.OAuthPrompt.BeginDialogAsync(DialogContext dc, Object options, CancellationToken cancellationToken) at Microsoft.Bot.Builder.Dialogs.DialogContext.BeginDialogAsync(String dialogId, Object options, CancellationToken cancellationToken)

I have confirmed via curl locally that am able to retrieve the correct and valid token.

To Reproduce

Steps to reproduce the behavior:

  1. Launch the code in the emulator after configuring the root and skill bot (Confirmed both are able to get an OAuth Connection)
  2. Locally emulator connected to running instance of RootBot
  3. Welcome message appears
  4. Type 'login'

Expected behavior

Expected to prompted with AAD login screen

Additional context

Add any other context about the problem here.

@JFolberth JFolberth added bug Indicates an unexpected problem or an unintended behavior. needs-triage The issue has just been created and it has not been reviewed by the team. labels Aug 15, 2022
@breakingram breakingram self-assigned this Aug 16, 2022
@breakingram
Copy link
Contributor

Hi @JFolberth, I'm investigating this issue.

@breakingram
Copy link
Contributor

Hi @JFolberth,

I was not able to reproduce this issue after following the sso-with-skills readme and Add single sign-on to a bot documentation.

Tested in WebChat, and after typing login I received the token.

For the first login activity message, I received a card to sign in. After that, whenever I type login, I automatically receive the token without signing in every time.

@JFolberth, are you facing this issue only if using Emulator?

@JFolberth
Copy link
Author

So, couple things realized on this. My initial issue was ultimately misreading configuration of the app secret between a managed bot and single/multi tenant. However; ran into some additional items/feedback.

  • The walkthrough assumes you have ngrok already configure to run, there is no mention of this. If you do not the experience is silently different as you will get an "emulatedToken"
  • I ran into that the Emulator does not support the latest version of ngrok and found an issue opened with that #2389

@breakingram breakingram added Bot Services Required for internal Azure reporting. Do not delete. Do not change color. customer-replied-to Indicates that the team has replied to the issue reported by the customer. Do not delete. and removed bug Indicates an unexpected problem or an unintended behavior. needs-triage The issue has just been created and it has not been reviewed by the team. labels Aug 18, 2022
@breakingram
Copy link
Contributor

breakingram commented Aug 19, 2022

Hi @JFolberth, were you able to get the SSO with skill working?

@axelsrz axelsrz added the customer-reported Issue is created by anyone that is not a collaborator in the repository. label Aug 22, 2022
@breakingram
Copy link
Contributor

Closing due to lack of activity. @JFolberth please re-open if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bot Services Required for internal Azure reporting. Do not delete. Do not change color. customer-replied-to Indicates that the team has replied to the issue reported by the customer. Do not delete. customer-reported Issue is created by anyone that is not a collaborator in the repository.
Projects
None yet
Development

No branches or pull requests

3 participants