I am working on a Bot framework project. We are using Oauth prompt sign-in card for validation in the directline channel. In Chrome incognito, validation code is displayed after sign in,Validation is getting success even if we provide " 134936123456789 " instead of " 134936 "Is there any other validation which we needs to do in code to block the extra numbers in the code.Validation will fail if we miss any number or add any number in between the code " 134936 " Example : Validation Failed Code : " 134836 "

Lakshmi_145 -Could you please provide the sample you are referring to along with repro steps and code snippets?

Prasad_Das-MSFT We have added the below OAuthPrompt to waterfall dialog. AddDialog(new OAuthPrompt(nameof(OAuthPrompt),new OAuthPromptSettings{ConnectionName = ConnectionName,Text = "Please Sign In",Title = "Sign In",Timeout = 300000})); private async Task<DialogTurnResult> PromptStepAsync(WaterfallStepContext stepContext, CancellationToken cancellationToken){return await stepContext.BeginDialogAsync(nameof(OAuthPrompt), null, cancellationToken);} private async Task<DialogTurnResult> LoginStepAsync(WaterfallStepContext stepContext, CancellationToken cancellationToken){// Get the token from the previous step.var tokenResponse = (TokenResponse)stepContext.Result;if (tokenResponse?.Token != null){//Here token response is not null even if we provide extra numbers after the actual validation code}}

Prasad_Das-MSFT is there any update on this issue. Do we have any other methods to validate the length of the validation code

Lakshmi_145 - We checked this sample (Microsoft-Teams-Samples/samples/bot-teams-authentication/csharp at main · OfficeDev/Microsoft-Teams-Samples · GitHub), however in this sample we are getting OAuth card to sign in and after entering creds, it is getting successfully signed in and sending the token. We were not able to implement the logic to get validation code as you got in browser.

Prasad_Das-MSFT Yes, we are also getting the sigin card and verification code.The issue is if we give extra number also with the verification code, it takes as valid data. If the actual verification code is 123456 and in the bot I gave 123456789211, still we are able to fetch the valid token from token response

Oauth Prompt sign in is success even if we provide wrong value

15 Replies

Prasad_Das-MSFT
Microsoft
Jul 11, 2023
Lakshmi_145 -Could you please provide the sample you are referring to along with repro steps and code snippets?
- Lakshmi_145
  Iron Contributor
  Jul 12, 2023
  Prasad_Das-MSFT
  
  We have added the below OAuthPrompt to waterfall dialog.
  
  AddDialog(new OAuthPrompt(
  nameof(OAuthPrompt),
  new OAuthPromptSettings
  {
  ConnectionName = ConnectionName,
  Text = "Please Sign In",
  Title = "Sign In",
  Timeout = 300000
  }));
  
  private async Task<DialogTurnResult> PromptStepAsync(WaterfallStepContext stepContext, CancellationToken cancellationToken)
  {
  return await stepContext.BeginDialogAsync(nameof(OAuthPrompt), null, cancellationToken);
  }
  
  private async Task<DialogTurnResult> LoginStepAsync(WaterfallStepContext stepContext, CancellationToken cancellationToken)
  {
  // Get the token from the previous step.
  var tokenResponse = (TokenResponse)stepContext.Result;
  if (tokenResponse?.Token != null)
  {
  //Here token response is not null even if we provide extra numbers after the actual validation code
  }
  }
  - Lakshmi_145
    Iron Contributor
    Jul 14, 2023
    Prasad_Das-MSFT is there any update on this issue. Do we have any other methods to validate the length of the validation code

Forum Discussion

Oauth Prompt sign in is success even if we provide wrong value

15 Replies

Resources