Jul 17 2024 11:19 PM
I'm developing a Teams bot-based message extension application using the Teams Toolkit in TypeScript. I need to retrieve all the replies for a message in the current channel. According to the documentation, I need to use the Graph API to get the replies. However, to use the Graph API, I need an access token.
My questions are:
Jul 18 2024 05:20 AM - edited Jul 22 2024 11:07 AM
Hi @XDeveloper29 - Thanks for raising the query.
We will look into it and let you know the updates.
Update: Your questions about implementing OAuth and accessing the Graph API in your Teams bot-based message extension. To address your queries:
Implementing OAuth: You can implement OAuth in a bot-based message extension by sending an OAuth Card to the Teams client, which is used to get the access token from Microsoft Entra ID using tokenExchangeResource. Upon the user's consent, the Teams client sends the token received from Microsoft Entra ID to the bot app using token exchange.
Permissions and Configurations: Specific permissions are required in the Azure portal to enable access to the Graph API. You must register your app and ask for specific permission scopes to obtain the access tokens upon the app user's consent.
Alternative Methods: If you're looking for an alternative way to retrieve the replies without using the Graph API, currently, the Graph API is the primary method provided by Microsoft to interact with Teams data programmatically.
For a detailed guide on implementing authentication and obtaining access tokens, please refer to the official Microsoft documentation:
If you need any further assistance or have additional questions, please feel free to ask.
Jul 23 2024 11:00 AM
Jul 23 2024 12:09 PM
Jul 23 2024 12:27 PM
@Dinesh-MSFT , Can you please share the steps for current setup?
Aug 23 2024 02:21 AM
If you're using the Teams Toolkit and have your bot registered on dev.botframework.com, you can still implement OAuth without relying entirely on Azure Bot Service's built-in support. Here’s a step-by-step guide to handling OAuth manually in this setup:
You need to register your bot application with an identity provider like Azure AD. This will give you the necessary credentials (client ID, client secret) and endpoints for OAuth 2.0.
Azure AD Registration:
Configure Redirect URIs: https://yourdomain.com/oauth2/callback
API Permissions: ChannelMessage.Read.All or ChannelMessage.ReadWrite.All
Since Azure Bot Service simplifies OAuth, you'll handle the OAuth flow manually in your application. Here’s a detailed approach:
a. Create an Authorization URL:
You need to redirect the user to the Microsoft authorization endpoint where they can log in and grant permissions.
const authorizationUrl = `https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?response_type=code&client_id={client-id}&redirect_uri={redirect-uri}&response_mode=query&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&state={state}`;
Replace {tenant} with your tenant ID.
Replace {client-id} with your application (client) ID.
Replace {redirect-uri} with your redirect URI.
Replace {state} with a random string to prevent CSRF attacks.
b. Handle Authorization Code Callback:
After the user grants permissions, they will be redirected back to your application with an authorization code.
import express from 'express';
import axios from 'axios';

const app = express();

// Redirect URI handler: receives the authorization code and exchanges it for an access token.
app.get('/oauth2/callback', async (req, res) => {
  const code = req.query.code as string;
  if (code) {
    // The token endpoint expects the parameters form-encoded in the POST body,
    // not in the query string (which would also put the client secret in the URL).
    const body = new URLSearchParams({
      client_id: 'your-client-id',
      scope: 'https://graph.microsoft.com/.default',
      code: code,
      redirect_uri: 'your-redirect-uri',
      grant_type: 'authorization_code',
      client_secret: 'your-client-secret'
    });
    const response = await axios.post('https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token', body);
    const accessToken = response.data.access_token;
    res.send(`Access token: ${accessToken}`);
  } else {
    res.send('Authorization code not found');
  }
});

app.listen(3000, () => console.log('Server listening on port 3000'));
Replace {tenant}, {client-id}, {redirect-uri}, and {client-secret} with your actual values.
c. Use Access Token to Call Microsoft Graph API:
With the access token, you can make authenticated requests to Microsoft Graph API to retrieve messages and replies.
const getReplies = async (accessToken: string, teamId: string, channelId: string, messageId: string) => {
  const response = await axios.get(
    `https://graph.microsoft.com/v1.0/teams/${teamId}/channels/${channelId}/messages/${messageId}/replies`,
    { headers: { Authorization: `Bearer ${accessToken}` } }
  );
  return response.data;
};
For Teams Toolkit, you can configure OAuth in the manifest.json file of your Teams app. This ensures that Teams can handle authentication for you. However, manual OAuth flow is still necessary for accessing the Microsoft Graph API.
While Azure Bot Service simplifies OAuth with built-in support, you can manage the OAuth flow manually by:
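Added example, not part of the original post: step a above puts a `state` value in the authorization URL to prevent CSRF, but the callback in step b never checks it. The sketch below issues and verifies `state`; the in-memory store, the session id, the ten-minute lifetime and the function names are assumptions.

```typescript
import { randomBytes } from "crypto";

// Assumption: an in-memory store keyed by state; a multi-instance bot needs a shared store.
interface PendingState { sessionId: string; expiresAt: number }
const pendingStates = new Map<string, PendingState>();
const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending sign-in

interface CallbackCheck { ok: boolean; code?: string; reason?: string }

// Step a: build the authorization URL with an unguessable state tied to the
// browser session that started the sign-in (sessionId is a hypothetical cookie value).
function buildAuthorizationUrl(tenant: string, clientId: string, redirectUri: string,
    sessionId: string, now: number = Date.now()): { url: string; state: string } {
  const state = randomBytes(32).toString("hex");
  pendingStates.set(state, { sessionId, expiresAt: now + STATE_TTL_MS });
  const params = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    response_mode: "query",
    scope: "https://graph.microsoft.com/.default",
    state,
  });
  const base = `https://login.microsoftonline.com/${encodeURIComponent(tenant)}`;
  return { url: `${base}/oauth2/v2.0/authorize?${params.toString()}`, state };
}

// Step b: run this on the callback query before exchanging the code for a token.
function validateCallback(query: Record<string, string | undefined>,
    sessionId: string, now: number = Date.now()): CallbackCheck {
  const state = query.state;
  if (!state) return { ok: false, reason: "missing state" };
  const pending = pendingStates.get(state);
  pendingStates.delete(state); // single use: a replayed callback finds nothing
  if (!pending) return { ok: false, reason: "unknown state" };
  if (now > pending.expiresAt) return { ok: false, reason: "expired state" };
  if (pending.sessionId !== sessionId) return { ok: false, reason: "state belongs to another session" };
  if (query.error) return { ok: false, reason: `authorization error: ${query.error}` };
  if (!query.code) return { ok: false, reason: "missing code" };
  return { ok: true, code: query.code };
}
```

In the Express handler, call `validateCallback(req.query, sessionId)` first and only post to the token endpoint when `ok` is true.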