OAuthPrompt in v4.10.3 + Generic Oauth 2 + IdentityServer = No prompt is shown
OAuthPrompt in Microsoft.Bot.Builder.Dialogs v4.10.3 seems to be broken when using the connection name of “Generic Oauth 2” service provider - it is not displayed in Teams dialog with the bot, nor in WebChat.
To Reproduce
- Set up an IdentityServer instance locally, which needs to have the client configured as follows:
  - ClientId: your_client_id
  - ClientSecret: your_client_secret
  - RedirectUris: ["https://token.botframework.com/.auth/web/redirect"]
  - RequireConsent: false
  - AllowOfflineAccess: true
  - AllowedScopes: ["openid", "profile"]
  - AllowedGrantTypes: ["authorization_code"]
  - RequirePkce: false <-- necessary so Bot services can use it, as Bot services don’t seem to support PKCE
  - RefreshTokenUsage: TokenUsage.ReUse <-- the Bot services seem unable to handle the one-time refresh tokens
- Configure the Generic Oauth 2 service provider in Bot Channels registration so it points to the IdentityServer instance (you can use ngrok to host the IdentityServer instance) like this:
  - Client id: your_client_id
  - Client secret: your_client_secret
  - Authorization URL: https://<your identity server address>/connect/authorize
  - Token URL: https://<your identity server address>/connect/token
  - Refresh URL: https://<your identity server address>/connect/token
  - Scopes: openid profile
- Start from the Teams Auth sample
- Edit appsettings.json to enter the valid credentials and use the connection name of AADv2 service provider
- Start the bot, type “hi” or whatever in Teams conversation with the bot and it will display a sign-in card.
- Stop the bot, go back to appsettings.json and change the connection name to have the name of the configured Generic Oauth 2 service provider connection name
- Start the bot again, type “hi” or whatever in Teams convo with the bot and it won’t display anything.
Screenshots
The configuration of Generic OAuth 2 service provider connection:
Additional context
This is the output from VS debugging:
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Information: Route matched with {action = "Post", controller = "Bot"}. Executing controller action with signature System.Threading.Tasks.Task PostAsync() on controller Microsoft.BotBuilderSamples.BotController (TeamsAuth).
Microsoft.Bot.Builder.Integration.AspNet.Core.BotFrameworkHttpAdapter: Information: Received an incoming activity. ActivityId: 1605218380039
Microsoft.BotBuilderSamples.DialogBot: Information: Running dialog with Message Activity.
TeamsAuth Information: 0 : 'hi' ==> beginDialog ==> MainDialog
TeamsAuth Information: 0 : 'hi' ==> beginDialog ==> WaterfallDialog
TeamsAuth Information: 0 : 'hi' ==> beginDialog ==> OAuthPrompt
Microsoft.Bot.Builder.Integration.AspNet.Core.BotFrameworkHttpAdapter: Information: GetTokenAsync: Acquired token using ADAL in 0.
Exception thrown: 'Microsoft.Rest.TransientFaultHandling.HttpRequestWithStatusException' in Microsoft.Rest.ClientRuntime.dll
Exception thrown: 'Microsoft.Rest.TransientFaultHandling.HttpRequestWithStatusException' in System.Private.CoreLib.dll
Microsoft.Bot.Builder.Integration.AspNet.Core.BotFrameworkHttpAdapter: Information: GetTokenAsync: Acquired token using ADAL in 0.
Microsoft.Bot.Builder.Integration.AspNet.Core.BotFrameworkHttpAdapter: Information: Sending activity. ReplyToId: 1605218380039
Microsoft.Bot.Builder.Integration.AspNet.Core.BotFrameworkHttpAdapter: Information: GetTokenAsync: Acquired token using ADAL in 0.
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Information: Executed action Microsoft.BotBuilderSamples.BotController.PostAsync (TeamsAuth) in 746.9577ms
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executed endpoint 'Microsoft.BotBuilderSamples.BotController.PostAsync (TeamsAuth)'
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 762.0714ms 200
Note that the sign in via this connection name works fine when used with messaging extensions:
    new MessagingExtensionResult
    {
        Type = "auth",
        SuggestedActions = new MessagingExtensionSuggestedAction
        {
            Actions = new List<CardAction>
            {
                new CardAction
                {
                    Type = ActionTypes.OpenUrl,
                    Value = signInAddress,
                    Title = title,
                }
            }
        }
    };
Also, if I sign in through the messaging extension first, the OAuthPrompt will correctly retrieve the access token for either requested connection name.
Also… I tried with an older 46.teams-auth sample which used v4.6.2 and it also worked fine. Pls fix 🥇
Issue Analytics
- State:
- Created 3 years ago
- Comments:13
Top GitHub Comments
@jwiley84 no error message. Just doesn’t show up (you can try with the sample I mentioned, it’s not hard to reproduce). In our application, however, BeginDialogAsync method of OAuthPrompt throws an error with HTTP status code 404.
@jwiley84 it seems I made a mistake when configuring the Generic Oauth2 provider after all. BotBuilder 4.10 is probably using the Token Exchange URL which wasn’t used by the previous BotBuilder versions. The problem was that I wrongfully set the value of Token Exchange URL to the token endpoint URL, where it had to be left blank. When I cleared the value, since it’s an optional field, the OAuthPrompt started to show, even with 4.10. Please accept my apologies for wasting your time on this issue.
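Added example, not part of the original thread and not Bot Framework or IdentityServer code: a small consistency check between the IdentityServer client settings and the Generic Oauth 2 connection settings listed in the issue, including the Token Exchange URL mistake identified in the last comment. The dictionary keys mirror the labels used on this page, the host idp.example.test and all sample values are constructed, and the PKCE and refresh-token rules encode the reporter's observations rather than documented behaviour.

```python
BOT_REDIRECT = "https://token.botframework.com/.auth/web/redirect"  # from the issue

def lint_connection(idp_client, bot_conn):
    """Compare an IdentityServer client with a bot OAuth connection; return findings."""
    findings = []
    if idp_client["ClientId"] != bot_conn["Client id"]:
        findings.append("client id mismatch")
    if BOT_REDIRECT not in idp_client["RedirectUris"]:
        findings.append("Bot Framework redirect URI not registered")
    if "authorization_code" not in idp_client["AllowedGrantTypes"]:
        findings.append("authorization_code grant not allowed")
    missing = set(bot_conn["Scopes"].split()) - set(idp_client["AllowedScopes"])
    if missing:
        findings.append("scopes not allowed: " + " ".join(sorted(missing)))
    # The next two checks reflect the reporter's observations about the Bot services.
    if idp_client["RequirePkce"]:
        findings.append("RequirePkce is enabled")
    if idp_client["RefreshTokenUsage"] != "ReUse":
        findings.append("refresh tokens are one-time")
    # Root cause found in the thread: the optional field had to be left blank.
    exchange = bot_conn.get("Token Exchange URL", "").strip()
    if exchange:
        same = " (same as Token URL)" if exchange == bot_conn["Token URL"] else ""
        findings.append("Token Exchange URL is set" + same)
    return findings

# Constructed sample values; idp.example.test is a placeholder host.
IDP = "https://idp.example.test/connect/"
SAMPLE_CLIENT = {
    "ClientId": "your_client_id",
    "RedirectUris": [BOT_REDIRECT],
    "AllowedScopes": ["openid", "profile"],
    "AllowedGrantTypes": ["authorization_code"],
    "RequirePkce": False,
    "RefreshTokenUsage": "ReUse",
}
SAMPLE_CONN = {  # the connection as the reporter first configured it
    "Client id": "your_client_id",
    "Authorization URL": IDP + "authorize",
    "Token URL": IDP + "token",
    "Refresh URL": IDP + "token",
    "Token Exchange URL": IDP + "token",
    "Scopes": "openid profile",
}
FIXED_CONN = {**SAMPLE_CONN, "Token Exchange URL": ""}  # field cleared, as in the fix

if __name__ == "__main__":
    for name, conn in (("as reported", SAMPLE_CONN), ("after fix", FIXED_CONN)):
        print(name, lint_connection(SAMPLE_CLIENT, conn) or "no findings")
```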