Teams Bot Graph API


I'm developing a very simple Teams bot that needs to make use of the Graph API in the backend. Since bots don't support silent authentication, I'm forced to authenticate my user inside the bot and acquire the token to call Graph. My development environment is Node.js.

Is there a library of sorts to achieve this? I checked a few samples on GitHub, but they're complex implementations with dialogs and all. Can anyone provide some sample code to quickly acquire a token for calling Graph? It's fine even if it's skeleton code.

2 Replies

@eynarain 

The OAuth protocol is an Authorization protocol, not Authentication. The authentication is an extension to it. And we do have 2 separate applications - Teams and the bot - even though these two apps "talk" to each other transparently to the user.

Just because the user authenticated to Teams, it does not mean that your bot is allowed to do stuff in the name of the user (impersonate the user), by accessing resources with Graph API.

When the user is asked to "authenticate" to the bot, we should actually read "the bot needs the user's authorization in order to perform operations in the name of the user". Only upon the user's authorization can the bot make Graph API calls in the name of the user.
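
Added example, not part of the thread or of any Microsoft sample: a Node.js illustration of the user-authorization step the reply above describes, using the Microsoft identity platform authorization code flow with PKCE to request delegated Graph scopes. The function names are hypothetical, and the tenant, client ID and redirect URI are placeholders supplied by the caller.

```javascript
// Added example: delegated (user-authorized) Graph access via the OAuth 2.0
// authorization code flow with PKCE. Function names are hypothetical.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

const AUTHORITY = 'https://login.microsoftonline.com';
const b64url = (buf) => buf.toString('base64url');

// Step 1: build the consent URL the bot shows the user (e.g. in a sign-in card).
// `state` binds the later redirect to this request; `verifier` never leaves the server.
function beginAuthorization({ tenant, clientId, redirectUri, scopes }) {
  const state = b64url(randomBytes(16));
  const verifier = b64url(randomBytes(32));
  const challenge = b64url(createHash('sha256').update(verifier).digest());
  const url = new URL(`${AUTHORITY}/${tenant}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    redirect_uri: redirectUri,
    response_mode: 'query',
    scope: scopes.join(' '),
    state,
    code_challenge: challenge,
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), pending: { state, verifier, redirectUri, clientId, tenant } };
}

// Step 2: validate the redirect, then build the form body to POST to the token endpoint.
// A confidential bot backend also adds its client secret or certificate assertion.
function buildTokenRequest(pending, callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization denied: ${params.get('error')}`);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !timingSafeEqual(got, want)) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return {
    endpoint: `${AUTHORITY}/${pending.tenant}/oauth2/v2.0/token`,
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      client_id: pending.clientId,
      code,
      redirect_uri: pending.redirectUri,
      code_verifier: pending.verifier,
    }).toString(),
  };
}
```

The access token returned by the token endpoint is what the bot sends as a bearer token on its Graph calls; it covers only the scopes the user consented to.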

Hey @eynarain ,

Any luck with what you were looking for? I need to do the same. Could you please share some steps, code or material to do this, if you are done with that?

Thanks in advance.
Sendil M