Get refresh token of Teams Desktop of the current user
The Teams client must store access and refresh tokens somewhere (probably encrypted in the local or session storage of the underlying browser) I am wondering, if there is a way to read those tokens, especially the refresh token that Teams uses to call its Apis in the background. If I open the Teams developer tools, I can not find the token in any of the requests. And Fiddler seems to block Teams and there is no easy way to sniff the traffic produced by the client- do you have any other idea? Why do I need this? I need this token to write a script that uses the unofficial Teams api (not the graph). I want to use this API to create a link to a certain SharePoint library in all my Teams (it used to be called "Add cloud storage") This option is not available in the Graph and therefore I have to use the unofficial Teams Api to create those references programmatically. Getting a token for it (via authorization code flow) seems only possible with the Teams client itself.
External oAuth for bot/message extension app
I have created a bot/message extension app using teams toolkit in visual studio code in typescript language. I want to add authentication using oauth for GitHub. I have check a doc but it seems to be for a tab app. https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-oauth-provider Please help on how I can do oAuth authentication for the Github provider for bot/msg extension app then use the GitHub APIs.....
Missing session cookie (*****) in consent redirect request.
Hi, I've a message extension develop for MS Teams and I get this error in the OAuth 2.0 flow. The flow is: 1. Get sign in button in Message Extension 2. Go to our IdP screen and provide the email 3. Get a link in your e-mail address to continue with the authentication 4. Press the link and get this error. I don't see any docs regarding this error. I assume that some parameter is missing in the link generated. Can someone point any ideas on what is this or how to solve this issue?oauthCard works on azure but not teams - "Something went wrong. Please try again."
Im trying to create a teams app/bot using oauthCard to connect to auth0. When I deploy the bot to Azure and "Test in web chat", it works fine, and pops up a new window with the auth page. However when I try the bot in teams, the card has a message: "Something went wrong. Please try again.". There are no console logs or network traffic when clicking on the button. Id appreciate help, even if its just telling me where I can find debug info. Here is where Im implementing the card: // Trigger command by IM text switch (txt) { case "welcome": { const card = AdaptiveCards.declareWithoutData(rawWelcomeCard).render(); await context.sendActivity({ attachments: [CardFactory.adaptiveCard(card)] }); break; } case "learn": { this.likeCountObj.likeCount = 0; const card = AdaptiveCards.declare<DataInterface>(rawLearnCard).render(this.likeCountObj); await context.sendActivity({ attachments: [CardFactory.adaptiveCard(card)] }); break; } case "login": { const oauthCard = CardFactory.oauthCard( 'authconnection', 'Please sign in', 'Sign In' ); await context.sendActivity({ attachments: [oauthCard] }); break; } } Here is my manifest. Thought the issue could be with validDomains thus all the wild cards: { "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.16/MicrosoftTeams.schema.json", "manifestVersion": "1.16", "version": "1.0.0", "id": "${{TEAMS_APP_ID}}", "packageName": "com.microsoft.teams.extension", "developer": { "name": "Teams App, Inc.", "websiteUrl": "https://www.example.com", "privacyUrl": "https://www.example.com/termofuse", "termsOfUseUrl": "https://www.example.com/privacy" }, "icons": { "color": "color.png", "outline": "outline.png" }, "name": { "short": "cr-teams-app-${{TEAMSFX_ENV}}", "full": "full name for cr-teams-app" }, "description": { "short": "short description for cr-teams-app123", "full": "full description for cr-teams-app" }, "accentColor": "#FFFFFF", "bots": [ { "botId": "${{BOT_ID}}", "scopes": [ "personal", "team", "groupchat" ], "isNotificationOnly": false, "supportsCalling": false, "supportsVideo": false, "supportsFiles": false, "commandLists": [ { "scopes": [ "personal", "team", "groupchat" ], "commands": [ { "title": "welcome", "description": "Resend welcome card of this Bot" }, { "title": "learn", "description": "Learn about Adaptive Card and Bot Command" }, { "title": "login", "description": "Connect to Controlrooms.ai" } ] } ] } ], "configurableTabs": [], "staticTabs": [], "permissions": [ "identity", "messageTeamMembers" ], "validDomains": [ "token.botframework.com", "${{BOT_DOMAIN}}", "*.azurewebsites.net", "*.*.portal.azure.net", "*.com", "*.*.com", "*.*.*.com", "*.*.*.*.com", "*.net", "*.*.net", "*.*.*.net", "*.*.*.*.net", "*.ai", "*.*.ai", "*.*.*.ai", "*.*.*.*.ai" ], "webApplicationInfo": { "id": "${{BOT_ID}}", "resource": "api://botid-${{BOT_ID}}" } } Thanks again for any help.Access session (UniversalBot.loadSession) and it's userData from tab
Hello! Is there any possibility to access the current session (UniversalBot.loadSession with an address object) and the associated userData when handling a request for a tab? There is microsoftTeams.getContent on the tab client side, but that information is insecure and cannot be used for authentication as stated in the docs. When handling a bot request, e.g. handling a messaging extension request for a search which needs authentication to an external IDP, this information can be accessed through the address object from the event object in an onQuery-handler, but so far I could not figure out how to do this when handling a request for a tab. Especially I don't know how to access the address object with which the session can be loaded. I would need this to use one single authentication flow with the bot but not an additional tab based authentication flow. I want to avoid using microsoftTeams.authentication.authenticate as a second parallel authentication flow to the bot authentication initiated with responding with composeExtension/type "auth"/"openUrl". Using two parallel authentication flows may confuse the user as e.g. when the user first uses the tab flow the bot/messaging extension needs an additional authentication, and when using the bot flow first the tab can be authenticated through localStorage (writing the access token into the localStore in the authentication callback site) on the machine where the authentication took place, but when signed in to Teams simultaneously on another machine, the bot can use the access token there too, as the Teams sessions is the same, but the tab is not authenticated as it cannot access the session. Regards, Dominik
