How do I get my teams bot to authenticate to a web service

%3CLINGO-SUB%20id%3D%22lingo-sub-3403862%22%20slang%3D%22en-US%22%3EHow%20do%20I%20get%20my%20teams%20bot%20to%20authenticate%20to%20a%20web%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3403862%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20teams%20bot%20which%20I%20want%20to%20use%20as%20an%20interface%20for%20my%20service%20stack%20webservice%20however%20the%20token%20I%20have%20access%20to%20is%20not%20being%20accepted%20by%20the%20web%20service.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20followed%20the%20%22AAD%20SSO%20for%20tabs%20and%20message%20extension%22%20tutorial%20to%20set%20up%20my%20Azure%20instance%20and%20get%20a%20basic%20bot%20up%20and%20running.%20When%20I%20modified%20the%20query%20handler%20to%20send%20a%20request%20to%20a%20web%20service%20with%20the%20token%20provided%20it%20is%20responding%20with%20a%20login%20page.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20the%20code%20that%20I%20added%20to%20the%20Simple%20Graph%20Client%20in%20a%20new%20method%20which%20passes%20in%20what%20the%20user%20types%20as%20%3CSTRONG%3Equery%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3EHttpWebRequest%20request%20%3D%20(HttpWebRequest)WebRequest.Create(%22https%3A%2F%2F%3CMY%20website%3D%22%22%3E%2Fapi%2Fws%2Fv1%2Fsearch%3Fquery%3D%22%20%2B%20query)%3B%0Arequest.Headers.Add(%22Authorization%22%2C%20%22Bearer%20%22%20%2B%20_token)%3B%0Arequest.Method%20%3D%20%22GET%22%3B%0A%0Arequest.AutomaticDecompression%20%3D%20DecompressionMethods.GZip%20%7C%20DecompressionMethods.Deflate%3B%0A%0Ausing%20(System.Net.HttpWebResponse%20response%20%3D%20(HttpWebResponse)request.GetResponse())%0Ausing%20(Stream%20stream%20%3D%20response.GetResponseStream())%0Ausing%20(StreamReader%20reader%20%3D%20new%20StreamReader(stream))%0A%7B%0A%20%20%20%20return%20reader.ReadToEnd()%3B%0A%7D%3C%2FMY%3E%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20I%20need%20to%20make%20use%20of%20a%20shared%20certificate%3F%20or%20is%20there%20some%20additional%20configuration%20that%20I%20have%20missed%20which%20is%20necessary%20to%20make%20this%20situation%20work%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3403862%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAuthentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EBot%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EBot%20Framework%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMessage%20Extension%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3403908%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20I%20get%20my%20teams%20bot%20to%20authenticate%20to%20a%20web%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3403908%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1395473%22%20target%3D%22_blank%22%3E%40BazVanDenDungen%3C%2FA%3E-We%20are%20looking%20into%20this%20I%20will%20get%20back%20to%20you%20soon.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3404977%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20I%20get%20my%20teams%20bot%20to%20authenticate%20to%20a%20web%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3404977%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1395473%22%20target%3D%22_blank%22%3E%40BazVanDenDungen%3C%2FA%3E-Please%20have%20look%20into%20this-%3CBR%20%2F%3E1.%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fadd-authentication%3Ftabs%3Ddotnet%252Cdotnet-sample%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Fplatform%2Fbots%2Fhow-to%2Fauthentication%2Fadd-authentication%3Ftabs%3Ddotnet%252Cdotnet-sample%3C%2FA%3E%3CBR%20%2F%3E2.%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fbot-service%2Frest-api%2Fbot-framework-rest-connector-authentication%3Fview%3Dazure-bot-service-4.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fbot-service%2Frest-api%2Fbot-framework-rest-connector-authentication%3Fview%3Dazure-bot-service-4.0%3C%2FA%3E%3CBR%20%2F%3Ehope%20it's%20helpful.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3414078%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20I%20get%20my%20teams%20bot%20to%20authenticate%20to%20a%20web%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3414078%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1395473%22%20target%3D%22_blank%22%3E%40BazVanDenDungen%3C%2FA%3E-Could%20you%20please%20confirm%20if%20your%20issue%20has%20resolved%20with%20above%20suggestion%20or%20still%20looking%20for%20any%20help%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3418058%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20I%20get%20my%20teams%20bot%20to%20authenticate%20to%20a%20web%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3418058%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1202096%22%20target%3D%22_blank%22%3E%40Sayali-MSFT%3C%2FA%3E%26nbsp%3BWe%20managed%20to%20get%20our%20integration%20working%20by%20modifying%20our%20oath%20connection%20setting%20from%26nbsp%3B%3CSTRONG%3Eapi%3A%2F%2F%3CGUID%3E%26nbsp%3B%3C%2FGUID%3E%3C%2FSTRONG%3Eto%26nbsp%3B%3CSTRONG%3Eapi%3A%2F%2F%3CGUID%3E%2Faccess_as_user%3C%2FGUID%3E%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20only%20thing%20we%20are%20missing%20now%20is%20that%20our%20jwt%20token%20appears%20to%20be%20missing%20the%20email%20address%20associated%20with%20the%20user.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3418759%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20I%20get%20my%20teams%20bot%20to%20authenticate%20to%20a%20web%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3418759%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1395473%22%20target%3D%22_blank%22%3E%40BazVanDenDungen%3C%2FA%3E-When%20a%20user%20asks%20the%20bot%20to%20do%20something%20that%20requires%20the%20bot%20to%20have%20the%20user%20logged%20in%2C%20the%20bot%20can%20use%20an%20OAuthPrompt%20to%20initiate%20retrieving%20a%20token%20for%20a%20given%20connection.When%20you%20start%20an%20OAuth%20prompt%2C%20it%20waits%20for%20a%20token%20response%20event%2C%20from%20which%20it%20will%20retrieve%20the%20user's%20token.%3CBR%20%2F%3ERef%20Doc%3A-%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fbot-service%2Fbot-builder-authentication%3Fview%3Dazure-bot-service-4.0%26amp%3Bamp%253Btabs%3Duserassigned%252Caadv2%252Ccsharp%26amp%3Btabs%3Duserassigned%252Caadv2%252Ccsharp%23wait-for-a-tokenresponseevent%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdd%20authentication%20to%20a%20bot%20in%20Bot%20Framework%20SDK%20-%20Bot%20Service%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I have a teams bot which I want to use as an interface for my service stack webservice however the token I have access to is not being accepted by the web service. 

 

I followed the "AAD SSO for tabs and message extension" tutorial to set up my Azure instance and get a basic bot up and running. When I modified the query handler to send a request to a web service with the token provided it is responding with a login page.

 

This is the code that I added to the Simple Graph Client in a new method which passes in what the user types as query

 

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://<my website>/api/ws/v1/search?query=" + query);
request.Headers.Add("Authorization", "Bearer " + _token);
request.Method = "GET";

request.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;

using (System.Net.HttpWebResponse response = (HttpWebResponse)request.GetResponse())
using (Stream stream = response.GetResponseStream())
using (StreamReader reader = new StreamReader(stream))
{
    return reader.ReadToEnd();
}

 

 

Do I need to make use of a shared certificate? or is there some additional configuration that I have missed which is necessary to make this situation work?

6 Replies
@BazVanDenDungen-We are looking into this I will get back to you soon.
@BazVanDenDungen-Could you please confirm if your issue has resolved with above suggestion or still looking for any help?

@Sayali-MSFT We managed to get our integration working by modifying our oath connection setting from api://<guid> to api://<guid>/access_as_user

 

The only thing we are missing now is that our jwt token appears to be missing the email address associated with the user.

@BazVanDenDungen-When a user asks the bot to do something that requires the bot to have the user logged in, the bot can use an OAuthPrompt to initiate retrieving a token for a given connection.When you start an OAuth prompt, it waits for a token response event, from which it will retrieve the user's token.
Ref Doc:-Add authentication to a bot in Bot Framework SDK - Bot Service | Microsoft Docs

Could you please confirm if your issue has resolved with above suggestion or still looking for any help?