Skip to content

Latest commit

 

History

History
 
 
page_type description products languages extensions urlFragment
sample
Sample which demonstrates Azure AD authentication in teams using bot.
office-teams
office
office-365
javascript
nodejs
contentType createdDate
samples
07/07/2021 13:38:26 PM
officedev-microsoft-teams-samples-bot-conversation-sso-quickstart-js

Teams Conversation Bot SSO quick-start

Teams Bot with SSO using Bot Framework v4.

This bot has been created using Bot Framework, it shows how to get started with SSO in a bot for Microsoft Teams.

The focus of this sample is how to use the Bot Framework support for OAuth SSO in your bot. Teams behaves slightly differently than other channels in this regard. Specifically an Invoke Activity is sent to the bot rather than the Event Activity used by other channels. This Invoke Activity must be forwarded to the dialog if the OAuthPrompt is being used. This is done by subclassing the ActivityHandler and this sample includes a reusable TeamsActivityHandler. This class is a candidate for future inclusion in the Bot Framework SDK.

The sample uses the bot authentication capabilities in Azure Bot Service, providing features to make it easier to develop a bot that authenticates users to various identity providers such as Microsoft Entra ID, GitHub, Uber, etc. The OAuth token is then used to make basic Microsoft Graph queries.

IMPORTANT: The manifest file in this app adds "token.botframework.com" to the list of validDomains. This must be included in any bot that uses the Bot Framework OAuth flow.

Included Features

  • Teams SSO (bots)
  • Adaptive Card
  • Graph API

Interaction with app

Bot Conversation SSO QuickstartGif

Prerequisites

  • Microsoft Teams is installed and you have an account (not a guest account)
  • To test locally, NodeJS must be installed on your development machine (version 16.14.2 or higher)
  • dev tunnel or ngrok latest version or equivalent tunneling solution
  • M365 developer account or access to a Teams account with the appropriate permissions to install an app.
  • Teams Toolkit for VS Code or TeamsFx CLI
  • If you are using Ngrok to test locally, you'll need Ngrok installed on your development machine. Make sure you've downloaded and installed Ngrok on your local machine. ngrok will tunnel requests from the Internet to your local computer and terminate the SSL connection from Teams.

Run the app (Using Teams Toolkit for Visual Studio Code)

The simplest way to run this sample in Teams is to use Teams Toolkit for Visual Studio Code.

  1. Ensure you have downloaded and installed Visual Studio Code
  2. Install the Teams Toolkit extension
  3. Select File > Open Folder in VS Code and choose this samples directory from the repo
  4. Using the extension, sign in with your Microsoft 365 account where you have permissions to upload custom apps
  5. Select Debug > Start Debugging or F5 to run the app in a Teams web client.
  6. In the browser that launches, select the Add button to install the app to Teams.

If you do not have permission to upload custom apps (sideloading), Teams Toolkit will recommend creating and using a Microsoft 365 Developer Program account - a free program to get your own dev environment sandbox that includes Teams.

Run the app (Manually Uploading to Teams)

Note these instructions are for running the sample on your local machine, the tunnelling solution is required because the Teams service needs to call into the bot.

  1. Setup for Bot SSO
  • Refer to Bot SSO Setup document

  • Ensure that you've enabled the Teams Channel

  • While registering the Azure bot, use https://<your_tunnel_domain>/api/messages as the messaging endpoint.

    NOTE: When you create your app registration in Azure portal, you will create an App ID and App password - make sure you keep these for later.

  1. Run ngrok - point to port 3978

    ngrok http 3978 --host-header="localhost:3978"

    Alternatively, you can also use the dev tunnels. Please follow Create and host a dev tunnel and host the tunnel with anonymous user access command as shown below:

    devtunnel host -p 3978 --allow-anonymous
  2. Setup for code

  • Clone the repository

    git clone https://github.com/OfficeDev/Microsoft-Teams-Samples.git
  • In a terminal, navigate to samples/bot-conversation-sso-quickstart/js

  • Install modules

    npm install
  • Update the .env configuration for the bot to use the Microsoft App Id and App Password from the step 1 (Microsoft Entra ID app registration in Azure portal or from Bot Framework registration. (Note the MicrosoftAppId is the AppId created in step 1, the MicrosoftAppPassword is referred to as the "client secret" in step1 and you can always create a new client secret anytime.) Also, update connectionName as the name of your Azure Bot connection created in step 1.

    • MicrosoftAppType - Set this as MultiTenant to if your bot is supported on multiple tenants, otherwise SingleTenant.
    • MicrosoftAppTenantId - Set your tenantId here if you are using single tenant app registration.
  • Run your bot at the command line:

    npm start
  1. Setup Manifest for Teams
  • This step is specific to Teams.
    • Edit the manifest.json contained in the appManifest/ folder to replace with your MicrosoftAppId (that was created in step1.1 and is the same value of MicrosoftAppId in .env file) everywhere you see the place holder string {MicrosoftAppId} (depending on the scenario the Microsoft App Id may occur multiple times in the manifest.json) <<DOMAIN-NAME>> with base Url domain. E.g. if you are using ngrok it would be https://1234.ngrok-free.app then your domain-name will be 1234.ngrok-free.app and if you are using dev tunnels then your domain will be like: 12345.devtunnels.ms.
    • Zip up the contents of the appManifest/ folder to create a manifest.zip
    • Upload the manifest.zip to Teams (in the left-bottom Apps view, click "Upload a custom app")

Note: If you are facing any issue in your app, please uncomment this line and put your debugger for local debug.

Running the sample

Adding bot UI:

Install

Welcome to teamsBot:

BotSigninCard

Login command interaction:

UserDetailsCard

View your token:

Token

You can interact with this bot by sending it a message. The bot will respond by asking for your consent, by this consent the Bot will exchange an SSO token, then making a call to the Graph API on your behalf and returning the results. It will keep you loggined unless you send a message "logout".

Further reading