POST /v3/conversations ➡ InternalServerError: Cannot read property 'appid' of undefined
See original GitHub issueVersion
4.2.1
Describe the bug
Bot Framework emulator is throwing a 500 InternalServerError
when posting to /v3/conversations
, despite the same code works in a deployed bot with Microsoft Teams.
(1) The error message is Cannot read property 'appid' of undefined
, when the request contains a valid JWT Bearer token in the Authorization header. (The JWT payload DOES contain a property called appid
btw.)
(2) If I leave the Authorization header empty, I get another 500 InternalServerError
and the error message is Cannot read property 'payload' of undefined
.
(3) If I send some random text as the Bearer token in the Authorization header - as suggested here - I get a 401 Unauthorized
(at least not another 500 InternalServerError
🙄).
Repro steps
- Start the Bot Framework Emulator.
- Open Postman.
- Make a POST request to the local
serviceUrl
’s/v3/conversations
endpoint (it should look like this:http://localhost:PORT/v3/conversations
) with the request body included below and (1) a JWT generated by the .NET Bot Builder SDK v4 / (2) nothing / (3) some random text in the Authorization header. - See error.
Expected behavior
- DO NOT give back
500 InternalServerErrors
with JavaScript error messages on the API endpoints. Handle the errors and send back a400 BadRequest
or even an500 InternalServerError
but with a meaningful error message. - In the (1) situation the API should respond with a
200 OK
and send theconversationId
in the body of the response. - In the (2) situation the API should respond with a
401 Unauthorized
IMHO, but clearly not with500 InternalServerError
. - In the (3) situation the
401 Unauthorized
is correct IMHO, but if we take @tonyanziano’s comment into account, then it should respond correctly with200 OK
and aconversationId
.
Debug
I was able trace the issue back to this line in the Bot Framework Emulator: https://github.com/Microsoft/BotFramework-Emulator/blob/4b620e3367938243a70fada026654280727b7beb/packages/emulator/core/src/conversations/middleware/getBotEndpoint.ts#L64 But I’m not totally sure what is causing the issue here. Maybe something is broken in JWT parsing.
Additional context
Request body:
{
"bot": {
"id": "3",
"name": "Bot",
"role": "bot"
},
"members": [
{
"id": "3570b2c3-9377-4880-87a1-666bba16d0bb",
"name": "User",
"role": "user"
}
],
"channelData": {
"clientActivityId": "1545857215036.8654911430483678.2"
}
}
Parsed JWT token:
{
"typ": "JWT",
"alg": "RS256",
"x5t": "nbCwW56w3KsB-xUaPlLOSLjODGQ",
"kid": "nbCwW56w3KsB-xUaPlLOSLjODGQ"
}.{
"aud": "https://api.botframework.com",
"iss": "https://sts.windows.net/d6d49420-****-****-****-************/",
"iat": 1545856906,
"nbf": 1545856906,
"exp": 1545860806,
"aio": "42RgPOsZXnazy/hiHcpsJAVW1petAA==",
"appid": "3e58d71d-****-****-****-************",
"appidacr": "1",
"idp": "https://sts.windows.net/d6d49420-****-****-****-************/",
"tid": "d6d49420-****-****-****-************",
"uti": "pL3r9YTz7EuFksrQefLsAA",
"ver": "1.0"
}.[Signature]
Code used to make the request originally with the .NET Bot Builder SDK v4:
await _botFrameworkAdapter.CreateConversationAsync(
"emulator",
"http://localhost:31973",
new MicrosoftAppCredentials(**appId**, **appPassword**),
new ConversationParameters(bot: **botChannelAccount**, members: new List<ChannelAccount> { **userChannelAccount** }, channelData: **channelData**),
Callback(),
cancellationToken);
[bug]
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (3 by maintainers)
Top GitHub Comments
Beginning work on this now.
So while debugging with @justinwilaby, we discovered the following bugs/question marks:
payload
property ofjwt
is not necessary,appid
is directly contained injwt
.createConversations.ts
there is a check whetherconversationParameters.activity
is null. But it should rather check whether it is undefined…createConversations.ts
:this
does not have a property calledbotid
. What is ‘security bot id’ by the way?When we fixed (1), (2), commented out the whole check in (3), we were able to get the
200 OK
back with the conversation id. 🥳POST
ed to/v3/conversations/:conversationId/activities
happened anything at all on the emulator UI. What should happen in theory? A new tab should open in the emulator? The activity should appear in the current, open conversation in the emulator?