Pass authentication token to bot during single sign-on in live chat
Important
Power Virtual Agents capabilities and features are now part of Microsoft Copilot Studio following significant investments in generative AI and enhanced integrations across Microsoft Copilot.
Some articles and screenshots might refer to Power Virtual Agents while we update documentation and training content.
With single sign-on (SSO) in Omnichannel for Customer Service, your bots can perform secure actions on behalf of the customer during an ongoing customer conversation. This provides a seamless, personalized, and secure experience for the customer, thereby improving customer satisfaction.
In the live chat channel, you can set up authentication in Azure or Copilot Studio bots. You can request authentication during a customer conversation before seeking or processing any confidential information such as bill payment, order returns, and any other sensitive data. As a bot author or developer, you can choose to show the OAuth card if the customer hasn't signed in or if the customer sign-in couldn't be validated. You can choose to hide the card if the customer has already signed in.
Here's how this works:
During the live chat, your bot requests the customer for authentication before processing any sensitive or confidential information.
You intercept the OAuth card and call your function to send the authentication token directly to the bot.
Your function will then pass an authentication token (if found) and tell Omnichannel for Customer Service whether the OAuth or sign-in card should be displayed or not, based on the customer's sign-in status.
Prerequisites
If you're using Azure bots, ensure that you've installed the latest versions of the following two library packages:
- Microsoft.Bot.Builder.Dialogs This library implements the .NET Simple Dialog classes.
- Microsoft.Bot.Builder.Integration.AspNet.Core This library integrates the Bot Builder SDK with ASP.NET Core.
If you're using a Copilot Studio bot, ensure that you manually set up end user authentication for Copilot Studio. More information: Configure manual user authentication
Sample code
Here's a code sample that illustrates how you can pass an authentication token to an Azure or Copilot Studio bot during single sign-on.
const signInIds = [];
window.Microsoft.Omnichannel.LiveChatWidget.SDK.setBotAuthTokenProvider(async (botTokenUrl, callback) => {
const urlSearchParams = new URLSearchParams(botTokenUrl);
const signInId = urlSearchParams.get("state");
if (signInIds.includes(signInId)) { // Ignore authenticated sign-in cards
callback({show: false}); // Hide card
return;
}
signInIds.push(signInId);
const authUrl = ""; // Customer's Authentication API
const authResponse = await fetch(authUrl, method: "POST"});
const {token} = authResponse; // Customer's Auth Token
const data = {
token: "token"
};
const payload = {
method: "POST",
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify(data)
};
try {
const botAuthResponse = await fetch(botTokenUrl, payload); // Posts Auth Token to Bot directly
// Sign in through Bot is successful
if (botAuthResponse.status === 200) {
signInIds.push(signInId); // Track authenticated sign-in card
callback({show: false}); // Hide card
}
if (botAuthResponse.status === 404 || botAuthResponse.status == 202) {
callback({show: false}); // Hide card
return;
} else {
// Other condition handling
}
return;
} catch (error) {
}
callback({show: true}); // Show sign-in card by default
});
Related information
Integrate an Azure bot
Integrate Copilot Studio bot
setBotAuthTokenProvider method