@Gabriel St-Pierre Thanks for reaching out to us. It seems the issue may be related to the OAuth callback process. It's not just about opening the sign-in page, but also about handling the callback correctly.
The typical OAuth flow with Azure Bot Framework is as follows:
- The bot sends a sign-in card to the user.
- The user clicks the sign-in button, which directs them to the OAuth provider's sign-in page.
- After the user signs in, the OAuth provider redirects the user to a callback URL.
- The Bot Framework's OAuth service receives the callback, creates a token, and sends a message (known as the token response) to the bot.
The "https://token.botframework.com/.auth/web/redirect" URL you're using as the redirect_uri is the callback URL for the Bot Framework's OAuth service. This URL is where the OAuth provider sends the authorization code after the user signs in.
If the authentication popup opens to the right page but nothing happens after that, it means that the OAuth provider isn't able to send the authorization code to the Bot Framework's OAuth service. This could be due to a misconfiguration in your OAuth settings.
Here are a few things you can try:
- Make sure that the "https://token.botframework.com/.auth/web/redirect" URL is registered as the callback URL/redirect URI in your OAuth provider's settings.
- Check your OAuth connection settings in Azure Bot Service to make sure that the client ID, client secret, and scopes are correctly set.
- Verify that the Authorization URL and Token URL in your OAuth connection settings are correct.
- If you're using a custom OAuth provider, make sure that it supports the authorization code grant type, which is required for the OAuth flow used by Azure Bot Service.
If everything is correctly set up, the OAuth provider should be able to redirect the user to the Bot Framework's OAuth service after sign-in, and the OAuth service should be able to send a token response to your bot.
Please let us know how it works.
Regards,
Yutong
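
A way to check the first two items of the checklist above from the client side, as an added example that is not part of the answer or of any Microsoft code: copy the URL that the sign-in popup opens and inspect its query parameters. The function name `check_authorize_url`, the provider host `login.example.com`, the client ID `abc123`, and the requirement that `scope` and `state` be present are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Callback URL quoted in the answer above.
BOT_FRAMEWORK_REDIRECT = "https://token.botframework.com/.auth/web/redirect"

# Constructed samples: provider host, client id, scope and state are made up.
_BASE = "https://login.example.com/oauth2/authorize?client_id=abc123&scope=openid&state=xyz"
SAMPLE_GOOD = (_BASE + "&response_type=code"
               "&redirect_uri=https%3A%2F%2Ftoken.botframework.com%2F.auth%2Fweb%2Fredirect")
SAMPLE_BAD = (_BASE + "&response_type=token"  # not the authorization code grant
              "&redirect_uri=https%3A%2F%2Ftoken.botframework.com%2F.auth%2Fweb%2Fredirect%2F")


def check_authorize_url(url, expected_client_id):
    """Return a list of problems in the authorization request URL (empty = none found)."""
    problems = []
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes values

    def single(name):
        # A parameter that is absent, empty or sent twice is reported once.
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: missing, empty or repeated")
            return None
        return values[0]

    if parts.scheme != "https":
        problems.append("authorization URL is not https")
    redirect = single("redirect_uri")
    # Many providers compare redirect_uri to the registered value as an exact
    # string, so a trailing slash or a different path counts as a mismatch.
    if redirect is not None and redirect != BOT_FRAMEWORK_REDIRECT:
        problems.append(f"redirect_uri: {redirect!r} is not the Bot Framework callback")
    response_type = single("response_type")
    if response_type is not None and response_type != "code":
        problems.append(f"response_type: {response_type!r}, expected 'code'")
    client_id = single("client_id")
    if client_id is not None and client_id != expected_client_id:
        problems.append("client_id: differs from the OAuth connection setting")
    single("scope")  # assumption: the provider requires at least one scope
    single("state")  # assumption: state is sent, as OAuth 2.0 recommends against CSRF
    return problems


if __name__ == "__main__":
    for label, url in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, check_authorize_url(url, "abc123"))
```

An empty list only means the request itself looks consistent; the client secret, Authorization URL and Token URL still have to be verified in the OAuth connection settings.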