Trying to get a proactive messaging bot working on GCCH. Previous version of this worked seamlessly for many months but on commercial cloud.
Currently the bot only has delegated openid, profile and user.readbasic.all permissions in Graph. I have deleted recreated the bot and app since I have read that this can be an edge case.
- The bot is set as a SingleTenant
- The bot web redirect uri is set to :
https://tokengcch.botframework.azure.us/.auth/web/redirect
- The Teams manifest has been added to Teams but when a user is added there is no message received and the following is logged from the token inspection middleware:
2025-01-21T07:58:42.120445574Z: [INFO] [2025-01-21 07:58:42,119] [custom_middleware:INFO] Item: serviceurl, Value: https://smba.infra.gov.teams.microsoft.us/gcch/
2025-01-21T07:58:42.144561251Z: [INFO] [2025-01-21 07:58:42,119] [custom_middleware:INFO] Item: nbf, Value: 1737446321
2025-01-21T07:58:42.144580753Z: [INFO] [2025-01-21 07:58:42,119] [custom_middleware:INFO] Item: exp, Value: 1737449921
2025-01-21T07:58:42.144585953Z: [INFO] [2025-01-21 07:58:42,120] [custom_middleware:INFO] Item: iss, Value: https://api.botframework.us
2025-01-21T07:58:42.144590953Z: [INFO] [2025-01-21 07:58:42,120] [custom_middleware:INFO] Item: aud, Value: <MY-APP-ID>
2025-01-21T07:58:42.144595654Z: [INFO] [2025-01-21 07:58:42,120] [__main__:INFO] New message received from http://app-teams-auth.azurewebsites.us/api/messages
2025-01-21T07:58:42.144604654Z: [INFO] [2025-01-21 07:58:42,136] [aiohttp.access:INFO] 169.254.130.1 [21/Jan/2025:07:58:42 +0000] "POST /api/messages HTTP/1.1" 401 180 "-" "Microsoft-SkypeBotApi (Microsoft-BotFramework/3.0)"
When checking the browser logs there are these messages:


Auth method
The config file has the bot credentials as below:
class BotCredentials:
APP_ID = os.getenv('APP_ID')
APP_PASSWORD = os.getenv('APP_PASSWORD')
APP_TENANTID = os.getenv('APP_TENANTID')
APP_TYPE = SingleTenant
CHANNEL_SERVICE = https://botframework.azure.us
OAUTH_URL = https://tokengcch.botframework.azure.us/.auth/web/redirect
TO_CHANNEL_FROM_BOT_LOGIN_URL = https://login.microsoftonline.us/MicrosoftServices.onmicrosoft.us
TO_CHANNEL_FROM_BOT_OAUTH_SCOPE = https://api.botframework.azure.us
TO_BOT_FROM_CHANNEL_TOKEN_ISSUER = https://api.botframework.azure.us
TO_BOT_FROM_CHANNEL_OPENID_METADATA_URL = https://login.botframework.azure.us/v1/.well-known/openidconfiguration
TO_BOT_FROM_EMULATOR_OPENID_METADATA_URL = https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/v2.0/.well-known/openid-configuration
VALIDATE_AUTHORITY = True
Code instantiating the adapter:
from botbuilder.integration.aiohttp import CloudAdapter, ConfigurationBotFrameworkAuthentication
auth = ConfigurationBotFrameworkAuthentication(CONFIG.BotCredentials)
ADAPTER = CloudAdapter(auth)
Thanks for any help since this has been driving me crazy