Clarification on Using Bot Framework SSO to Retrieve User Access Token from Entra ID in Web App

Question

Clarification on Using Bot Framework SSO to Retrieve User Access Token from Entra ID in Web App

Sudip Saha 5

We are building a web application using the Microsoft Bot Framework, integrated with Azure Bot Service. We have successfully configured Single Sign-On (SSO) in the Bot Service and now trying to leverage this SSO to obtain the user's access token from Microsoft Entra ID (Azure AD) within our Bot Framework-based web application.

Our goal is to use the token to securely access downstream APIs (like Microsoft Graph) on behalf of the signed-in Teams user.

We’ve followed the official Microsoft documentation for configuring SSO and access token retrieval: 🔗 https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/bot-sso-overview

We would appreciate any clarification or guidance on:

How to retrieve the access token in the bot's code (Web App backend)
Whether any additional steps are needed beyond what the guide outlines for token extraction and use.

We have tried with implemention based on this sample, but unable to retieve Access Token.
https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/bot-conversation-sso-quickstart/js

Sayali-MSFT 4,001 Reputation points Microsoft External Staff Moderator

2025-06-25T11:53:31.4366667+00:00

Hello @Sudip Saha ,Thank you for bringing this issue to our attention. We will look into it and get back to you shortly.

1 answer

Your answer

Sayali-MSFT 4,001 Reputation points Microsoft External Staff Moderator

2025-06-25T11:53:31.4366667+00:00

Hello @Sudip Saha ,Thank you for bringing this issue to our attention. We will look into it and get back to you shortly.

Answer 1

Kudos-Ng 945 Microsoft External Staff Moderator

Hi Sudip Saha,

Thank you for posting your question in the Microsoft Q&A forum.

Based on my research and understanding, once the user successfully signs in via Single Sign-On (SSO) in your Bot Framework-based web application, an access token should be returned. You can use this token to call downstream APIs like Microsoft Graph securely on behalf of the signed-in Teams user.

Microsoft provides a sample code snippet that shows how to retrieve the access token in your bot’s backend code. You can find it here: Update App Manifest to Enable SSO - Teams | Microsoft Learn

Additionally, to use Microsoft Graph API, your app must request the appropriate permissions based on the scopes you assign. You can refer to this documentation for more details: Microsoft Graph Permissions for App - Teams | Microsoft Learn

Make sure your Azure AD app registration includes the necessary delegated permissions and that consent has been granted either by the user or an admin, depending on your setup.

I hope this helps clarify everything! Please review the information I provided and let me know if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Sayali-MSFT 4,001 Reputation points Microsoft External Staff Moderator

2025-06-26T11:15:37.9633333+00:00

Hello @Sudip ,Could you please confirm if your issue has resolved with provided suggestions or still looking for any help?
Sudip Saha 5 Reputation points

2025-06-26T17:34:15.06+00:00
Thank you for the response.
It will be great help if anyone from the team available for quick meeting to resolve this issue.
We have added an Add OAuth Connection Setting to our Azure Bot Service configuration and verified it using the "Test Connection" feature, which successfully returns a valid token in the browser.

We have also followed the guidance provided in the following Microsoft Learn articles:

Update App Manifest to Enable SSO – Teams | Microsoft Learn

Microsoft Graph Permissions for App – Teams | Microsoft Learn

However, we are still unable to retrieve the user token programmatically within our bot. It will prompt Sign In, once entered singin details we are getting error in Bot like ,

Please find the attached code snippet,
krishanu sharma 0 Reputation points

2025-06-27T13:41:04.8466667+00:00

Hi @Kudos-Ng we can see the OAuth prompt in "Test in WebChat" or in "Emulator" but not in MS Teams.We have followed below links where users faced similar issue but still not able to find out what is missing.
https://answers.microsoft.com/en-us/msteams/forum/all/oauthprompt-card-does-not-render-inside-of-teams/96ad96cc-4f8b-4cd5-9274-a487bb25a74e
https://github.com/microsoft/BotBuilder-Samples/issues/1739
https://github.com/microsoft/botbuilder-js/issues/3872

Please provide some insights on this
Kudos-Ng 945 Reputation points Microsoft External Staff Moderator

2025-07-01T14:42:24.04+00:00

Hi Sudip Saha,

I know how frustrating it can be when things don’t work as expected, especially when you're working with custom bot code and trying to troubleshoot without clear error messages. I really appreciate you sharing your code and reaching out for help.

I'm not sure if you've already tried any troubleshooting steps, but I noticed you're using console.log to track the bot's behavior. Have you received any specific error logs or messages that might help narrow down the issue? Even small clues can make a big difference.

I’ve looked around for related posts and documentation, but unfortunately, I couldn’t find much beyond this one official resource that might be helpful: Troubleshoot SSO Authentication - Teams | Microsoft Learn

As a forum moderator, I’m limited in how deeply I can assist with custom app code issues, especially since I don’t have access to your bot’s configuration or environment. That said, I truly understand how important it is to get this working, and I highly recommend posting your question on the Microsoft Tech Community, where more developers and Microsoft engineers actively engage and may be able to provide deeper insights.

I genuinely hope this helps, and I’m rooting for you to find a resolution soon. If you do manage to solve it, it would be wonderful if you could share your solution here, others facing similar challenges would really benefit from your experience.
Kudos-Ng 945 Reputation points Microsoft External Staff Moderator

2025-07-04T14:39:19.78+00:00

Hi Sudip Saha,

Just following up to see if you had a chance to review my previous response. It’s been a little while, and I wanted to make sure it reached you.

If you have any updates or further questions, feel free to share! I’m happy to help however I can. And if the information I provided was helpful in any way, please consider marking it as the accepted answer so others in the community facing similar issues can benefit from it too.

Wishing you the best with your bot integration!

Share via

Clarification on Using Bot Framework SSO to Retrieve User Access Token from Entra ID in Web App

1 answer

Your answer