certificate base authentication in botbuilder-java

Question

Hi,

We had created MS Teams app using Java SDK botbuilder. For authentication till now it is using App id and password. now we need to convert to certificate base authentication. We had followed the few documentation like create CertificateAppCredentials bean, pass to BotFrameworkAdapter. But still it is not working. please find below error log.

Please advice what changes need to be done for certificate base authentication.

ERROR:
Caused by: java.io.IOException: java.lang.IllegalArgumentException: clientSecret is null or empty

at com.microsoft.bot.connector.authentication.AppCredentialsInterceptor.intercept(AppCredentialsInterceptor.java:44) ~[bot-connector-4.14.3.jar:4.14.3]

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) ~[okhttp-4.12.0.jar:na]

at com.microsoft.bot.restclient.interceptors.BaseUrlHandler.intercept(BaseUrlHandler.java:40) ~[bot-connector-4.14.3.jar:4.14.3]

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) ~[okhttp-4.12.0.jar:na]

at com.microsoft.bot.restclient.interceptors.RequestIdHeaderInterceptor.intercept(RequestIdHeaderInterceptor.java:26) ~[bot-connector-4.14.3.jar:4.14.3]

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) ~[okhttp-4.12.0.jar:na]

at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) ~[okhttp-4.12.0.jar:na]

at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:517) ~[okhttp-4.12.0.jar:na]

... 3 common frames omitted

Caused by: java.lang.IllegalArgumentException: clientSecret is null or empty

at com.microsoft.aad.msal4j.ClientSecret.(ClientSecret.java:16) ~[msal4j-1.21.0.jar:1.21.0]

at com.microsoft.aad.msal4j.ClientCredentialFactory.createFromSecret(ClientCredentialFactory.java:33) ~[msal4j-1.21.0.jar:1.21.0]

at com.microsoft.bot.connector.authentication.CredentialsAuthenticator.(CredentialsAuthenticator.java:34) ~[bot-connector-4.14.3.jar:4.14.3]

at com.microsoft.bot.connector.authentication.MicrosoftAppCredentials.buildAuthenticator(MicrosoftAppCredentials.java:107) ~[bot-connector-4.14.3.jar:4.14.3]

at com.microsoft.bot.connector.authentication.AppCredentials.getAuthenticator(AppCredentials.java:173) ~[bot-connector-4.14.3.jar:4.14.3]

at com.microsoft.bot.connector.authentication.AppCredentials.getToken(AppCredentials.java:146) ~[bot-connector-4.14.3.jar:4.14.3]

at com.microsoft.bot.connector.authentication.AppCredentialsInterceptor.intercept(AppCredentialsInterceptor.java:42) ~[bot-connector-4.14.3.jar:4.14.3]

... 10 common frames omitted

Answer 1

Hi @Kha-N , @Sayali-MSFT ,
We had achieved certificate base authentication:
Below are code for reference :

`@Primary @Bean public CertificateAppCredentials certificateCredentials(SpringBotAppCredentials credentials) { return credentials.getAppCredentials(); }

@Bean
public TeamsConnectorClient restTeamsConnectorClient(CertificateAppCredentials credentials) {
	return new RestTeamsConnectorClient("https://smba.trafficmanager.net/uk/", credentials);
}


@Bean
public BotFrameworkAdapter botFrameworkAdapter(
		CertificateAppCredentials withCredentials,
        AuthenticationConfiguration withAuthConfig,
        ChannelProvider withChannelProvider) {
	
	Configuration conf = getConfiguration();
	
	String clientId = conf.getProperty("MicrosoftAppId");
	withCredentials.setAppId(clientId);

	BotFrameworkAdapter adapter = new BotFrameworkAdapter(withCredentials,
	        withAuthConfig,
	        withChannelProvider,
	        null,
	        null);
	
    return adapter;
}

`

and in extends TeamsActivityHandler we need to set teamsConnectorClient

 turnContext.getTurnState().remove(BotFrameworkAdapter.TEAMSCONNECTOR_CLIENT_KEY);
turnContext.getTurnState().add(BotFrameworkAdapter.TEAMSCONNECTOR_CLIENT_KEY, teamsConnectorClient);

Answer 2

Hi @Kha-N ,

Thanks for quick response.

Unfortunately I don't  Microsoft Tech Community forum access.
The C# sample code that you had provided, similar code is not present in JAVA SDK.

If possible can you please post my query on Microsoft Tech Community forum.

Answer 3

Hi @VaibhAvaMankar,

Welcome to Microsoft Q&A, and thank you very much for reaching out to us.

Please note that as a Microsoft Q&A moderator, I don’t have access to your specific configuration, and my testing environment is limited. I can only assist based on available documentation and resources. Additionally, the Bot Framework Java SDK and the broader Bot Framework SDK are no longer supported by Microsoft, so guidance for this scenario is limited. That said, I’ll do my best to help.

From your description, as I checked, based on the error log:

at com.microsoft.bot.connector.authentication.CredentialsAuthenticator.(CredentialsAuthenticator.java:34)

From my research, this error indicates that your bot is still building a client‑secret flow. The call path shows that CredentialsAuthenticator (the secret‑based authenticator) is being used instead of the certificate path (CertificateAuthenticator).

I looked further to see whether Microsoft provides an official Java sample for certificate‑based authentication in Bot Builder Java. Unfortunately, I was not able to find one.

Microsoft does have an article that describes updating a bot by using credentialsFactory with a CloudAdapter, but that guidance only applies to JavaScript and C#. It also targets a multi‑tenant app model that Microsoft no longer supports, so it cannot be applied to your Java‑based bot.

Therefore, to help you reach your goal more effectively, I recommend posting a thread on the Microsoft Tech Community forum. It’s a great platform for deeper technical discussions and connecting with individuals who have hands-on experience and expertise. They’re best positioned to provide guidance and valuable insights on this topic.

Thank you for your understanding.

---

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.