Teams Bot: OAuthPrompt not shown up

Question

Teams Bot: OAuthPrompt not shown up

Andrei Grebennikov 1

While updating Teams Bot I started facing an issue when I send OAuthPrompt card. By some reason it's not shown up in the Teams conversations in web app or native app. But it works fine when I use it in "Test in Web Chat". When it doesn't work I see an error in browser console:

getAuthToken: webApplicationInfo resource format does not contain botid {botIdValue}

How can I debug it? What might be wrong? I'm using custom auth provider so in Configuration it's Generic OAuth 2.

My question on Techcommunity: https://techcommunity.microsoft.com/t5/teams-developer/oauthprompt-not-shown-up/m-p/3576361/highlight/false#M6033
Related questoin on Stackoverflow: https://stackoverflow.com/questions/68406871/oauthprompt-is-not-working-inside-of-teams-works-fine-in-emulator-and-in-test

JimmyYang-MSFT 39,141 Reputation points Microsoft Vendor

2022-08-01T08:33:05.3+00:00

Hi @Andrei Grebennikov

Teams tag is mainly focused on the general issue of Microsoft Teams troubleshooting. According to your description, your issue is more related to Teams Bot development, which we do not support. So I will also add office-teams-app-dev tag to your thread. Thanks for your understanding!
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-01T09:58:00.02+00:00

@sympli-andrew- Could you please share the Bot id and timestamp so that we can investigate from our end?
Andrei Grebennikov 1 Reputation point

2022-08-01T10:24:01.883+00:00

Bot id is 7205e580-78af-4a0d-b7a8-af8399a31cf1 and timestamp:
2022-08-01T10:23:43.067Z getAuthToken: webApplicationInfo resource format does not contain botid: 7205e580-78af-4a0d-b7a8-af8399a31cf1
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-01T12:36:35.547+00:00

@sympli-andrew-We checked the bot log and we found the following error-
Skipping ReadReceipt event because the feature isn't explicitly enabled for Bot '7205e580-78af-4a0d-b7a8-af839xxxxcf1' in the tenant '5fd90985-f406-47a0-9043-89ffdca3xxxx'
Andrei Grebennikov 1 Reputation point

2022-08-01T12:42:13.34+00:00

Can you add more details please? What feature? And how can I enable it? Are there any way to get this error message from code or anywhere else to be sure that we won't break everything once again?
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-01T12:54:48.557+00:00

@sympli-andrew-We check with the internal team and let you know once we get any update.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-01T13:10:54.983+00:00

@sympli-andrew- Got the related thread -https://stackoverflow.com/questions/68406871/oauthprompt-is-not-working-inside-of-teams-works-fine-in-emulator-and-in-test
hope it's helpful.
Andrei Grebennikov 1 Reputation point

2022-08-01T13:35:26.887+00:00

Thanks for the link, I've seen it while trying to find possible reason. Can you please explain a bit more straight forward what exactly is missed in my setup? In the documentation they are using Azure AD as OAuth provider, but I'm using my custom oauth provider.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-02T08:14:30.387+00:00

@sympli-andrew-We check it with engineering team and let you know.
Andrei Grebennikov 1 Reputation point

2022-08-05T07:44:02.493+00:00

Sorry to ping you, maybe you have any updates for that?
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-05T07:59:06.46+00:00

@sympli-andrew- Sorry for the delay, Currently, we don’t have ETA or Update on this thread.
We will update this thread once we get any update.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-25T05:15:18.157+00:00

@Andrei Grebennikov -Got the update from engineering teams. "This is probably that they have not added the bot ID to the config files of the bot"
Andrei Grebennikov 1 Reputation point

2022-08-25T07:18:01.58+00:00

I wish it would be that easy... If we didn't add bot ID into the config file, it won't even start working. And I checked several times if it's there. I can share manifest with you if it will help. Also, we can make a call so I can just show Bot's setup.
Maybe it's related to the auth we want to have. The idea is that we are using custom OAuth provider for the Bot. And we want to add static Tab with auth as well. But for static page we want to use Azure OAuth so users don't need to login into our system twice. The flow is user logs in with bot and we persist azure user id into our system. When user opens static tab and logs in with Azure OAuth we lookup user id in our system by saved azure user id and issue access token.
To setup this we added OAuth provider in the Bot configuration and were trying to setup app registration.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-25T07:54:45.737+00:00

@Andrei Grebennikov -Yes, we are providing the manifest to reproduce the issue to internal team also provide more information.
We will update this thread once we get any update.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-09-09T12:35:16.547+00:00

@Andrei Grebennikov -Could you please try with the below Resource URL.

"webApplicationInfo": {
"id": "7205e580-78af-4a0d-b7a8-af8399a31cf1",
"resource": "api://teamsbot-qa.sympli.io/botid-7205e580-78af-4a0d-b7a8-af8399a31cf1"
}

If you are building an app with a bot and a tab, enter the Application ID URI as api://fully-qualified-domain-name.com/botid-{YourBotId}.
Andrei Grebennikov 1 Reputation point

2022-09-13T16:12:48.727+00:00

Wow, that's much better! Now I'm getting different error:

2022-09-13T16:01:58.852Z AUTHMSAL: Event: adal:tokenRenewFailure, code: consent_required|AADSTS65001: The user or administrator has not consented to use the application with ID '5e3ce6c0-2b1f-4285-8d4b-75ee78787346' named 'Microsoft Teams Web Client'. Send an interactive authorization request for this user and resource.
Trace ID: ff042bbd-e048-4a8d-a20a-3c8d750a2400
Correlation ID: 1462d1e8-4dea-4bd9-bba7-ff1ee56abd94
Timestamp: 2022-09-13 16:01:39Z, resource: api://teamsbot-qa.sympli.io/botid-7205e580-78af-4a0d-b7a8-af8399a31cf1, action: resourceRequiresConsent.

And I'm getting this error sending OAuth Prompt from Teams Bot which is using custom OAuth provider. If I got it right consent supposed to be shown up when I'm using Azure OAuth for the tab. What is the proper way to keep these to oauth flows separate?

JimmyYang-MSFT 39,141 Reputation points Microsoft Vendor

2022-08-01T08:33:05.3+00:00

Hi @Andrei Grebennikov

Teams tag is mainly focused on the general issue of Microsoft Teams troubleshooting. According to your description, your issue is more related to Teams Bot development, which we do not support. So I will also add office-teams-app-dev tag to your thread. Thanks for your understanding!
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-01T09:58:00.02+00:00

@sympli-andrew- Could you please share the Bot id and timestamp so that we can investigate from our end?
Andrei Grebennikov 1 Reputation point

2022-08-01T10:24:01.883+00:00

Bot id is 7205e580-78af-4a0d-b7a8-af8399a31cf1 and timestamp:
2022-08-01T10:23:43.067Z getAuthToken: webApplicationInfo resource format does not contain botid: 7205e580-78af-4a0d-b7a8-af8399a31cf1
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-01T12:36:35.547+00:00

@sympli-andrew-We checked the bot log and we found the following error-
Skipping ReadReceipt event because the feature isn't explicitly enabled for Bot '7205e580-78af-4a0d-b7a8-af839xxxxcf1' in the tenant '5fd90985-f406-47a0-9043-89ffdca3xxxx'
Andrei Grebennikov 1 Reputation point

2022-08-01T12:42:13.34+00:00

Can you add more details please? What feature? And how can I enable it? Are there any way to get this error message from code or anywhere else to be sure that we won't break everything once again?
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-01T12:54:48.557+00:00

@sympli-andrew-We check with the internal team and let you know once we get any update.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-01T13:10:54.983+00:00

@sympli-andrew- Got the related thread -https://stackoverflow.com/questions/68406871/oauthprompt-is-not-working-inside-of-teams-works-fine-in-emulator-and-in-test
hope it's helpful.
Andrei Grebennikov 1 Reputation point

2022-08-01T13:35:26.887+00:00

Thanks for the link, I've seen it while trying to find possible reason. Can you please explain a bit more straight forward what exactly is missed in my setup? In the documentation they are using Azure AD as OAuth provider, but I'm using my custom oauth provider.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-02T08:14:30.387+00:00

@sympli-andrew-We check it with engineering team and let you know.
Andrei Grebennikov 1 Reputation point

2022-08-05T07:44:02.493+00:00

Sorry to ping you, maybe you have any updates for that?
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-05T07:59:06.46+00:00

@sympli-andrew- Sorry for the delay, Currently, we don’t have ETA or Update on this thread.
We will update this thread once we get any update.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-25T05:15:18.157+00:00

@Andrei Grebennikov -Got the update from engineering teams. "This is probably that they have not added the bot ID to the config files of the bot"
Andrei Grebennikov 1 Reputation point

2022-08-25T07:18:01.58+00:00

I wish it would be that easy... If we didn't add bot ID into the config file, it won't even start working. And I checked several times if it's there. I can share manifest with you if it will help. Also, we can make a call so I can just show Bot's setup.
Maybe it's related to the auth we want to have. The idea is that we are using custom OAuth provider for the Bot. And we want to add static Tab with auth as well. But for static page we want to use Azure OAuth so users don't need to login into our system twice. The flow is user logs in with bot and we persist azure user id into our system. When user opens static tab and logs in with Azure OAuth we lookup user id in our system by saved azure user id and issue access token.
To setup this we added OAuth provider in the Bot configuration and were trying to setup app registration.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-08-25T07:54:45.737+00:00

@Andrei Grebennikov -Yes, we are providing the manifest to reproduce the issue to internal team also provide more information.
We will update this thread once we get any update.
Sayali-MSFT 1,711 Reputation points Microsoft Vendor

2022-09-09T12:35:16.547+00:00

@Andrei Grebennikov -Could you please try with the below Resource URL.

"webApplicationInfo": {
"id": "7205e580-78af-4a0d-b7a8-af8399a31cf1",
"resource": "api://teamsbot-qa.sympli.io/botid-7205e580-78af-4a0d-b7a8-af8399a31cf1"
}

If you are building an app with a bot and a tab, enter the Application ID URI as api://fully-qualified-domain-name.com/botid-{YourBotId}.
Andrei Grebennikov 1 Reputation point

2022-09-13T16:12:48.727+00:00

Wow, that's much better! Now I'm getting different error:

2022-09-13T16:01:58.852Z AUTHMSAL: Event: adal:tokenRenewFailure, code: consent_required|AADSTS65001: The user or administrator has not consented to use the application with ID '5e3ce6c0-2b1f-4285-8d4b-75ee78787346' named 'Microsoft Teams Web Client'. Send an interactive authorization request for this user and resource.
Trace ID: ff042bbd-e048-4a8d-a20a-3c8d750a2400
Correlation ID: 1462d1e8-4dea-4bd9-bba7-ff1ee56abd94
Timestamp: 2022-09-13 16:01:39Z, resource: api://teamsbot-qa.sympli.io/botid-7205e580-78af-4a0d-b7a8-af8399a31cf1, action: resourceRequiresConsent.

And I'm getting this error sending OAuth Prompt from Teams Bot which is using custom OAuth provider. If I got it right consent supposed to be shown up when I'm using Azure OAuth for the tab. What is the proper way to keep these to oauth flows separate?

Teams Bot: OAuthPrompt not shown up

Activity