Forum Discussion
Microsoft Teams Bot OAuth login shows blank screen and closes without signing in
I’m building a Microsoft Teams bot using Azure AD OAuth (SSO) with Bot Framework. When I click Sign in, the OAuth popup in Teams shows a blank screen for a moment, then closes automatically without signing me in.
What I’ve Done
- Added redirect URI in Azure App Registration:
https://token.botframework.com/.auth/web/redirect
- Enabled Access tokens and ID tokens in App Registration → Authentication.
- Configured OAuth connection in Bot Channels Registration (ConnectionName matches my bot code).
- Verified client ID, client secret, and tenant ID are correct.
Code
bot.js
require("dotenv").config();
const { TeamsActivityHandler } = require("botbuilder");
const { Client } = require("@microsoft/microsoft-graph-client");
const { DialogSet, DialogTurnStatus, OAuthPrompt, WaterfallDialog } = require("botbuilder-dialogs");
require("isomorphic-fetch");
const OAUTH_PROMPT = "OAuthPrompt";
const MAIN_DIALOG = "MainDialog";
class BotActivityHandler extends TeamsActivityHandler {
constructor(conversationState, userState) {
super();
this.conversationState = conversationState;
this.userState = userState;
this.dialogState = this.conversationState.createProperty("DialogState");
this.dialogs = new DialogSet(this.dialogState);
// OAuthPrompt for Teams SSO
this.dialogs.add(
new OAuthPrompt(OAUTH_PROMPT, {
connectionName: process.env.CONNECTION_NAME,
text: "Please sign in to continue",
title: "Sign In",
timeout: 300000,
})
);
this.dialogs.add(
new WaterfallDialog(MAIN_DIALOG, [
this.promptStep.bind(this),
this.handleFileStep.bind(this),
])
);
this.onMessage(async (context, next) => {
const text = (context.activity.text || "").trim().toLowerCase();
const dialogCtx = await this.dialogs.createContext(context);
if (text.startsWith("/")) {
// ...handle commands...
} else {
const results = await dialogCtx.continueDialog();
if (results.status === DialogTurnStatus.empty) {
if (context.activity.attachments?.length > 0) {
await dialogCtx.beginDialog(MAIN_DIALOG, {
file: context.activity.attachments[0],
});
} else {
await context.sendActivity("Upload a file or type /help.");
}
}
}
await next();
});
}
async promptStep(stepContext) {
return await stepContext.beginDialog(OAUTH_PROMPT);
}
async handleFileStep(stepContext) {
const tokenResponse = stepContext.result;
if (!tokenResponse?.token) {
await stepContext.context.sendActivity("Please sign in to access files.");
return await stepContext.endDialog();
}
const token = tokenResponse.token;
// Use token with Microsoft Graph API
// ...
return await stepContext.endDialog();
}
}
module.exports.BotActivityHandler = BotActivityHandler;Problem
- OAuth popup appears, then closes without completing login.
- No token is returned to the bot.
Questions
- Why does the OAuth popup in Teams close immediately without signing in?
- Where can I see detailed error logs for OAuth failures?
- Azure AD sign-in logs?
- Application Insights (do I need to configure Instrumentation Key in Bot Service)?
Environment
- Bot Framework v4 (Node.js)
- Azure Bot Service
- Microsoft Teams channel
- Azure AD v2 OAuth
2 Replies
Nivedipa-MSFTMicrosoft
@shivanandan17 - Have you had a chance to review the checkpoints listed above? If so, are you still experiencing the same issue?
- Nivedipa-MSFT
@shivanandan17 - Thanks for bringing this issue to our attention.
Could you please review the following checkpoints?
- Ensure the connectionName matches exactly:
- In your code: check process.env.CONNECTION_NAME (case sensitive).
- In the Azure portal: Bot Channels Registration → Settings → OAuth connection settings → Connection Name.
- If there’s a mismatch, update and re-test.
- Confirm the OAuth connection configuration in Bot Channels Registration:
- Provider should be Azure Active Directory v2 (if applicable).
- Client Id must be the AAD app client id.
- Client Secret should be a valid, current secret.
- Tenant: use the specific tenant id or leave blank for multi-tenant, according to your needs.
- Scopes should include openid profile offline_access User.Read at a minimum.
- Use the portal’s “Test connection” button to verify success. If it fails, review clientId, secret, tenant, and scopes.
- Check your AAD App Registration settings:
- Redirect URI must include: https://token.botframework.com/.auth/web/redirect
- Access tokens / ID tokens toggles should be set as per provider guidance.
- Required delegated permissions (like User.Read) should be granted, with admin consent if necessary.
- For multi-tenant setups, Supported account types must be set to Multitenant.
- Review Azure AD Sign-in logs for failed attempts:
- Go to Azure AD → Sign-ins, filter by time and user, and inspect failed entries for conditional access details.
- Look for AADSTS errors (such as invalid_client or redirect_uri_mismatch).
- Note the Correlation ID and Timestamp for cross-referencing with Bot Framework logs.
- Use Teams desktop DevTools to analyze popup behavior:
- Press Ctrl+Shift+I to open DevTools, go to the Network tab, and trigger OAuthPrompt.
- Check requests to login.microsoftonline.com and token.botframework.com for failures.
- Export HAR and console logs if needed.
- Enable Application Insights or bot logging for error details:
- In Azure Portal, link or create an Application Insights resource for your bot.
- Add logging in your Node app to capture exceptions and OAuthPrompt results.
- Review traces in Application Insights for exceptions or failed requests.
- Test with “Test in Web Chat” and check Bot Framework logs:
- Run the sign-in flow in Web Chat and monitor activity traces. This helps isolate issues from the Teams client.
- If Web Chat works but Teams fails, focus on Teams DevTools logs and AAD conditional access settings.
- Try these common quick fixes:
- Correct any issues with client secret or clientId in the OAuth connection.
- Add required scopes and ensure they have admin consent in the tenant.
- If admin consent is needed, use the admin consent URL: https://login.microsoftonline.com/{tenantId}/adminconsent?client_id={clientId}&redirect_uri=htt…
- Make sure the AAD app includes https://token.botframework.com/.auth/web/redirect in its Redirect URIs.
- Ensure the connectionName matches exactly: