Aug 19 2019 01:19 AM
I'm developing a very simple Teams bot that needs to make use of the Graph API in the backend. Since bots don't support silent authentication, I'm forced to authenticate my user inside the bot and acquire the token to call Graph. My development environment is in Node.js.
Is there a library of sorts to achieve this? I checked a few samples in GitHub but they're complex implementations with dialogs and all. Can anyone provide some sample code to quickly acquire a token for calling Graph? It's fine even if it's skeleton code.
Dec 16 2020 04:44 AM
The OAuth protocol is an Authorization protocol, not Authentication. The authentication is an extension to it. And we do have 2 separate applications - Teams and the bot - even though these two apps "talk" to each other transparently to the user.
Just because the user authenticated to Teams, it does not mean that your bot is allowed to do stuff in the name of the user (impersonate the user), by accessing resources with Graph API.
When the user is asked to "authenticate" to the bot, we should actually read "the bot needs the user's authorization in order to perform operations in the name of the user". Only upon the user's authorization can the bot make Graph API calls in the name of the user.
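The authorization step described in the reply above, as an added example that is not part of the original thread: a Node.js sketch of a delegated OAuth 2.0 authorization code request (with PKCE) to the Microsoft identity platform, and the callback check that binds the returned code to the user who started it. The client ID, redirect URI, scopes and function names are placeholders and assumptions, not values from the thread.

```javascript
const crypto = require('node:crypto');

// Placeholder app registration values (assumptions, replace with your own).
const CONFIG = {
  tenant: 'common',
  clientId: '00000000-0000-0000-0000-000000000000',
  redirectUri: 'https://bot.example.com/auth/callback',
  scopes: ['User.Read', 'offline_access'], // delegated permissions the user consents to
};
const AUTHORITY = `https://login.microsoftonline.com/${CONFIG.tenant}/oauth2/v2.0`;
const pending = new Map(); // state -> { userId, verifier, expires }
const base64url = (buf) => buf.toString('base64url');

// Step 1: build the URL the bot sends to the user so they can grant authorization.
function beginAuthorization(userId, now = Date.now()) {
  const state = base64url(crypto.randomBytes(16));    // anti-CSRF, single use
  const verifier = base64url(crypto.randomBytes(32)); // PKCE secret, stays server-side
  const challenge = base64url(crypto.createHash('sha256').update(verifier).digest());
  pending.set(state, { userId, verifier, expires: now + 10 * 60 * 1000 });
  const query = new URLSearchParams({
    client_id: CONFIG.clientId,
    response_type: 'code',
    response_mode: 'query',
    redirect_uri: CONFIG.redirectUri,
    scope: CONFIG.scopes.join(' '),
    state,
    code_challenge: challenge,
    code_challenge_method: 'S256',
  });
  return `${AUTHORITY}/authorize?${query}`;
}

// Step 2: validate the redirect, then build the form body to POST to `${AUTHORITY}/token`.
// A confidential client also adds its client secret or certificate assertion to this body.
function completeAuthorization(callbackUrl, userId, now = Date.now()) {
  const q = new URL(callbackUrl).searchParams;
  const entry = pending.get(q.get('state'));
  pending.delete(q.get('state')); // a state value is accepted at most once
  if (!entry || entry.userId !== userId || entry.expires < now) {
    throw new Error('unknown, expired or mismatched state');
  }
  if (q.get('error')) throw new Error(`authorization not granted: ${q.get('error')}`);
  if (!q.get('code')) throw new Error('callback carries no authorization code');
  return new URLSearchParams({
    client_id: CONFIG.clientId, grant_type: 'authorization_code', code: q.get('code'),
    redirect_uri: CONFIG.redirectUri, code_verifier: entry.verifier,
    scope: CONFIG.scopes.join(' '),
  });
}
```

The access token returned by the token endpoint is then sent as a `Bearer` token in the `Authorization` header of Graph requests, and covers only the scopes the user consented to.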
Dec 18 2020 09:51 AM