Forum Discussion
Access session (UniversalBot.loadSession) and its userData from tab
Hello!
Is there any possibility to access the current session (UniversalBot.loadSession with an address object) and the associated userData when handling a request for a tab?
There is microsoftTeams.getContext on the tab client side, but that information is insecure and cannot be used for authentication as stated in the docs.
When handling a bot request, e.g. handling a messaging extension request for a search which needs authentication to an external IDP, this information can be accessed through the address object from the event object in an onQuery-handler, but so far I could not figure out how to do this when handling a request for a tab. Especially I don't know how to access the address object with which the session can be loaded.
I would need this to use one single authentication flow with the bot but not an additional tab based authentication flow. I want to avoid using microsoftTeams.authentication.authenticate as a second parallel authentication flow to the bot authentication initiated with responding with composeExtension/type "auth"/"openUrl".
Using two parallel authentication flows may confuse the user as e.g. when the user first uses the tab flow the bot/messaging extension needs an additional authentication, and when using the bot flow first the tab can be authenticated through localStorage (writing the access token into the localStore in the authentication callback site) on the machine where the authentication took place, but when signed in to Teams simultaneously on another machine, the bot can use the access token there too, as the Teams session is the same, but the tab is not authenticated as it cannot access the session.
Regards,
Dominik
4 Replies
- subhasish-MSFT
Microsoft
Every request to your services includes the id and aadObjectId, which are guaranteed to be of the authenticated Teams user. They can be used as keys to look up credentials or any cached state in your service. In addition, each request contains the Azure Active Directory tenant ID of the user, which can be used to identify the user’s organization.
You can take a look at the link below for more details.
Add authentication to your messaging extension
- dhoelzl
Copper Contributor
Thank you for your reply!
I have configured a configurable tab like this:
"configurableTabs": [
  {
    "configurationUrl": "https://XXXXXXXX.ngrok.io/tab/configure",
    "canUpdateConfiguration": true,
    "scopes": [ "team" ]
  }
]
I am using Node/express:
app.get("/tab/configure", (req, res) => {
  res.render("configure")
});
And I get called via GET-Request:
req.url: "/tab/configure"
req.method: "GET"
req.rawHeaders: "["Host","XXXXXXXX.ngrok.io", "Accept","text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8", "Accept-Encoding","gzip, deflate, br", "Referer","https://teams.microsoft.com/iframe-container.html", "Upgrade-Insecure-Requests","1", "User-Agent","Mozilla/5.0" (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.362 Chrome/66.0.3359.181 Electron/3.1.13 Safari/537.36", "X-Forwarded-Proto","https","X-Forwarded-For","XXX.XXX.XXX.XXX"]"
Where can I access the id and aadObjectId? Do I miss something? I cannot see any header or URL-argument containing authentication information.
When I dump the result of microsoftTeams.getContext on my configuration page, there is also no id or aadObjectId, and as stated in the docs this information must not be used for user authentication anyway.
Thank you and regards,
Dominik
- subhasish-MSFT
Microsoft
You can refer to this sample code for authentication in a message extension in Node.js.
Here is a link for complete solution
https://github.com/microsoft/BotBuilder-Samples/tree/0bc30ed8ecdd8c82f2e20c48cc72426dd2100bc0/samples/javascript_nodejs/52.teams-messaging-extensions-search-auth-config
Hope it helps
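
The first reply suggests using the id and aadObjectId carried on each bot request, together with the tenant ID, as keys for cached credentials. The sketch below shows that lookup for a messaging extension query; it is an added example, not code from the thread or the linked sample. It assumes the activity has already been authenticated by the Bot Framework adapter, and the names identityKey, TokenCache and queryResponse, the sign-in URL and the sample values are hypothetical.

```javascript
// Added example. Assumes `activity` was already authenticated by the Bot
// Framework adapter; a plain tab GET request carries no such object.
function identityKey(activity) {
  const tenantId = activity?.channelData?.tenant?.id;
  const aadObjectId = activity?.from?.aadObjectId;
  const ok = (v) => typeof v === "string" && v.length > 0;
  if (!ok(tenantId) || !ok(aadObjectId)) return null;
  // Tenant is part of the key so cached state never crosses organizations.
  return `${tenantId.toLowerCase()}:${aadObjectId.toLowerCase()}`;
}

class TokenCache {
  constructor(now = () => Date.now()) {
    this.now = now;           // injectable clock, so expiry can be tested
    this.entries = new Map(); // key -> { accessToken, expiresAt }
  }
  put(activity, accessToken, ttlMs) {
    const key = identityKey(activity);
    if (key === null) throw new Error("activity carries no Teams identity");
    this.entries.set(key, { accessToken, expiresAt: this.now() + ttlMs });
  }
  get(activity) {
    const key = identityKey(activity);
    const entry = key === null ? undefined : this.entries.get(key);
    if (!entry) return null;
    if (entry.expiresAt <= this.now()) {
      this.entries.delete(key); // expired: force a fresh sign-in
      return null;
    }
    return entry.accessToken;
  }
}

// Messaging extension query: use the cached token, or answer with the
// "auth"/"openUrl" response so Teams shows the sign-in prompt.
function queryResponse(activity, cache, signInUrl, search) {
  const token = cache.get(activity);
  if (token === null) {
    const actions = [{ type: "openUrl", value: signInUrl, title: "Sign in" }];
    return { composeExtension: { type: "auth", suggestedActions: { actions } } };
  }
  const attachments = search(token); // hypothetical caller-supplied search
  return { composeExtension: { type: "result", attachmentLayout: "list", attachments } };
}

// Constructed sample activity (values are placeholders, not real IDs).
const SAMPLE_ACTIVITY = {
  from: { id: "29:constructed-user-id", aadObjectId: "00000000-0000-0000-0000-0000000000a1" },
  channelData: { tenant: { id: "00000000-0000-0000-0000-0000000000b1" } },
};
```

Because the key is derived from the Teams identity and not from anything stored on the client, the same cached token is found for that user regardless of which machine the request came from.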