Pass authentication token to bot during single sign-on in live chat

Omnichannel for Customer Service offers a suite of capabilities that extend the power of Dynamics 365 Customer Service Enterprise to enable organizations to instantly connect and engage with their customers across digital messaging channels. An additional license is required to access Omnichannel for Customer Service. For more information, see the Dynamics 365 Customer Service pricing overview and Dynamics 365 Customer Service pricing plan pages.

Important

Power Virtual Agents capabilities and features are now part of Microsoft Copilot Studio following significant investments in generative AI and enhanced integrations across Microsoft Copilot.

Some articles and screenshots might refer to Power Virtual Agents while we update documentation and training content.

With single sign-on (SSO) in Omnichannel for Customer Service, your bots can perform secure actions on behalf of the customer during an ongoing customer conversation. This provides a seamless, personalized, and secure experience for the customer, thereby improving customer satisfaction.

In the live chat channel, you can set up authentication in Azure or Copilot Studio bots. You can request authentication during a customer conversation before seeking or processing any confidential information such as bill payment, order returns, and any other sensitive data. As a bot author or developer, you can choose to show the OAuth card if the customer hasn't signed in or if the customer sign-in couldn't be validated. You can choose to hide the card if the customer has already signed in.

Here's how this works:

  • During the live chat, your bot asks the customer to authenticate before processing any sensitive or confidential information.

  • You intercept the OAuth card and call your function to send the authentication token directly to the bot.

  • Your function then passes an authentication token (if found) and tells Omnichannel for Customer Service whether the OAuth or sign-in card should be displayed, based on the customer's sign-in status.

Prerequisites

If you're using Azure bots, ensure that you've installed the latest versions of the following two library packages:

  • Microsoft.Bot.Builder.Dialogs: This library implements the .NET Simple Dialog classes.
  • Microsoft.Bot.Builder.Integration.AspNet.Core: This library integrates the Bot Builder SDK with ASP.NET Core.

If you're using a Copilot Studio bot, ensure that you manually set up end user authentication for Copilot Studio. More information: Configure manual user authentication

Sample code

Here's a code sample that illustrates how you can pass an authentication token to an Azure or Copilot Studio bot during single sign-on.

const signInIds = [];
window.Microsoft.Omnichannel.LiveChatWidget.SDK.setBotAuthTokenProvider(async (botTokenUrl, callback) => {
  const urlSearchParams = new URLSearchParams(botTokenUrl);
  const signInId = urlSearchParams.get("state");

  if (signInIds.includes(signInId)) { // Ignore authenticated sign-in cards
    callback({show: false});  // Hide card
    return;
  }

  signInIds.push(signInId);

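  const authUrl = ""; // Customer's Authentication API
  const authResponse = await fetch(authUrl, {method: "POST"});
  const {token} = await authResponse.json();  // Customer's Auth Token, read from the JSON response body

  const data = {
    token // Send the token value itself, not the literal string "token"
  };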

  const payload = {
    method: "POST",
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify(data)
  };

  try {
    const botAuthResponse = await fetch(botTokenUrl, payload); // Posts Auth Token to Bot directly
    
    // Sign in through Bot is successful
    if (botAuthResponse.status === 200) {
      signInIds.push(signInId); // Track authenticated sign-in card
      callback({show: false}); // Hide card
      return;
    }

    if (botAuthResponse.status === 404 || botAuthResponse.status === 202) {
      callback({show: false}); // Hide card
      return;
    } else {
      // Other condition handling
    }

    return;
  } catch (error) {
    // Request to the bot failed; fall through and show the sign-in card
  }

  callback({show: true});  // Show sign-in card by default
});
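
The sample above posts the customer's token to whatever botTokenUrl the provider is handed. The following is an added example, not part of the original article or the SDK: it checks that URL (HTTPS, expected host, state present) before the token leaves the page, and maps the bot's response to the object passed to callback. The names checkBotTokenUrl, sendTokenToBot and ALLOWED_BOT_TOKEN_HOSTS, the host bot-token.example.test, and the reason strings are assumptions made for illustration.

```javascript
// Added example. The host below is a placeholder (assumption): replace it with
// the token endpoint host(s) your bot actually uses.
const ALLOWED_BOT_TOKEN_HOSTS = new Set(["bot-token.example.test"]);

// Decide whether botTokenUrl may receive the customer's token.
function checkBotTokenUrl(botTokenUrl, allowedHosts = ALLOWED_BOT_TOKEN_HOSTS) {
  let url;
  try {
    url = new URL(botTokenUrl);
  } catch {
    return {ok: false, reason: "unparseable-url"};
  }
  if (url.protocol !== "https:") return {ok: false, reason: "not-https"};
  if (url.username || url.password) return {ok: false, reason: "embedded-credentials"};
  if (!allowedHosts.has(url.hostname)) return {ok: false, reason: "host-not-allowed"};
  const signInId = url.searchParams.get("state");
  if (!signInId) return {ok: false, reason: "missing-state"};
  return {ok: true, signInId};
}

// Post the token only after the URL check passes; the result is the object for callback().
// fetchImpl is injectable so the logic can be exercised without a network.
async function sendTokenToBot(botTokenUrl, token, fetchImpl = globalThis.fetch) {
  const check = checkBotTokenUrl(botTokenUrl);
  if (!check.ok) return {show: true, reason: check.reason};
  if (!token) return {show: true, reason: "no-token"};
  try {
    const res = await fetchImpl(botTokenUrl, {
      method: "POST",
      headers: {"Content-Type": "application/json"},
      body: JSON.stringify({token}),
      redirect: "error" // never follow a redirect that would re-send the token elsewhere
    });
    // Same statuses the sample treats as "hide the card"; showing it otherwise is an assumption.
    const hide = [200, 202, 404].includes(res.status);
    return {show: !hide, reason: `status-${res.status}`};
  } catch {
    return {show: true, reason: "request-failed"};
  }
}
```

Inside the provider, the call would be `callback({show: (await sendTokenToBot(botTokenUrl, token)).show})`, with signInId tracking kept as in the sample.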

See also

Integrate an Azure bot
Integrate Copilot Studio bot
setBotAuthTokenProvider method