SSO for a Python Teams Bot (M365 Agents SDK + FastAPI) — Single-Tenant, Multi-Tenant, and UAMI
We're building, a Teams bot (Python / FastAPI) that uses the M365 Agents SDK (microsoft-agents-hosting-fastapi + microsoft-agents-authentication-msal, v0.8.0) with a CloudAdapter and MsalConnectionManager. The bot is currently scoped to personal only and runs behind an Azure Bot resource. We are trying to implement SSO to authenticate users, so far we are not successful. The main blocker is that we failed to authenticate users from tenant different than the Azure Bot resource of our app. If anyone has successfully managed to authenticate users on Teams using a setup similar than ours please do share your experience. We would love to learn from your experience. So far this was our main source of documentation: https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/bot-sso-overview Many thanks
Possibly check blocked state instead of exception
Once a user blocked the bot, and when a message is sent to that user, the exception(Forbidden) was thrown. Is there any possible way to check whether the user has blocked or not, instead of catching the exception? So maybe something like if(user.hasblocked()) {}....?
Bot not receiving message events in shared channels (RSC)
Hi folks, Running into an issue with a bot in Microsoft Teams shared channels. I've configured RSC permissions to listen for new messages. This works as expected in standard channels - I receive events for every new message. However, in shared channels, the behavior is different: I only receive events when the bot is explicitly tagged Regular messages in the channel don’t trigger any events Permissions currently granted: Channel.ReadBasic.All (Application) ChannelMember.Read.All (Application) ChannelMessage.Read.All (Application) Has anyone faced this with shared channels? Is this expected behavior or am I missing something in setup? Thanks!
Question about barCode.scanBarCode
Dear sir I'm developing Teams mobile application, static tab(Personal app Tab). We need a QR scan feature. However I can't use that. barCode.isSupported() is always false. Is there any restriction on static tab app? Here are my conditions. -. "import { app, authentication, barCode } from '@microsoft/teams-js';" . version : 2.37.0 -. manifest.json : "devicePermissions": ["media"], -. app.initialize() is sucessfully done. I can see the barCode object Unfortunatly, barCode.isSupported() shows false. Android, iOS has the same result. Can you advise how I can use the barCode camera.? Many thanks
Cannot create new subscription to resource
APP BACKGROUND I have an app that integrate with Microsoft Graph API in order to create subscriptions for some resources. In order to keep subscriptions valid for a long period, I have to update it to continue receiving change notifications on these resources. Basically my workflow for refresh a subscription is: First I try to patch the subscription through this endpoint: PATCH https://graph.microsoft.com/v1.0/subscriptions/{subscription_id} If something fails and I couldn't update it I have a fallback process that deletes it and recreate the subscription after. To delete the subscription I call this endpoint: DELETE https://graph.microsoft.com/v1.0/subscriptions/{subscription_id} And right after I call the endpoint to create the subscription again: POST https://graph.microsoft.com/v1.0/subscriptions/ ISSUE This process works well the most part of the time, but during some hours ( generally during 1~3h) on random days, it stop to work for some random resources. Basically I receive a 404 status from Microsoft when trying to patch or delete the subscription (which is expected on this case), but when I attempt to create a new subscription it returns a 403 error saying: Operation: Create; Exception: [Status Code: Forbidden; Reason: App 'aaaa-bbbb-cccc-dddd-ffff' has reached its limit of '1' 'USERS/AAAAA-BBBB-CCCC-DDDD-EEEE/CHATS/GETALLMESSAGES' subscription on tenant 'aaaaa-hhhhhh-jjjj-uuuu-zzzz How could the subscription already exists if previously it returned a 404 saying that it doesn't exists? SAMPLE REQUEST ID Following the request id a sample of this issue: PATCH https://graph.microsoft.com/v1.0/subscriptions/{subscription_id} date: 2024-07-15T17:08:03 request-id: f5504a6c-b571-4ee4-893c-b96aae64a759 client-request-id: f5504a6c-b571-4ee4-893c-b96aae64a759 result: 404 - Not found DELETE https://graph.microsoft.com/v1.0/subscriptions/{subscription_id} date: 2024-07-15T17:08:03 request-id: 1d3c601d-f761-43f2-8260-c30bf7a3540e client-request-id: 1d3c601d-f761-43f2-8260-c30bf7a3540e result: 404 - Not found POST https://graph.microsoft.com/v1.0/subscriptions/ date: 2024-07-15T17:08:03 request-id: c06196f7-d3c2-4a7d-8e7b-6fc9d63ec496 client-request-id: c06196f7-d3c2-4a7d-8e7b-6fc9d63ec496 result: 403 - Forbidden - App 'aaa-bbb-cc' has reached its limit of '1' 'USERS/DDD-FFF-GGG/CHATS/GETALLMESSAGES' subscription on tenant 'bbb-dddd-aaa-eeeee'
App Validation Issue - Bot must send a proactive welcome message in personal scope
I'm working on a bot application for MS Teams using the Python SDK and encountered a challenge with app validation and the proactive welcome message requirement. What Happened: Initially, our bot handled the welcome message through on_installation_update, but app validation failed with the error: "Bot must send a proactive welcome message in personal scope." To satisfy validation, we added on_members_added_activity to send the welcome message for personal scope, which resolved the validation error. However, this created a new problem: on_members_added_activity is being triggered when we call the Graph API to query chats or users: {graph_url}/me/chats $filter=chatType eq 'oneOnOne' and installedApps/any(a:a/teamsApp/id eq '{teams_app_id}') {graph_url}/users/{user_id}/chats $filter=chatType eq 'oneOnOne' and installedApps/any(a:a/teamsApp/id eq '{teams_app_id}') According to a Stack Overflow discussion (https://stackoverflow.com/questions/57496329/proactive-messaging-bot-in-teams-without-mentioning-the-bot-beforehand), this appears to be a known issue: calling this API triggers a conversation update event even though there were no actual updates, resulting in duplicate events and duplicate welcome messages. Questions: What is the official/recommended way to handle known issue: calling this API triggers a conversation update event? Whats the recommended way to read personal chat history of a user? Should we be using a different approach for this app validation requirement? Any guidance or pointers to official documentation would be greatly appreciated!
