Share via

Teams Search Auth Config

Browse code

Bot Framework v4 sample for Teams expands the msgext-search-auth-config sample to include a configuration page and Bot Service authentication. This comprehensive C# sample provides a step-by-step guide for building a search-based Messaging Extension in Microsoft Teams that integrates authentication through Azure Active Directory. By utilizing the Bot Framework and Microsoft Graph API, it showcases how to implement secure user sign-in, access user data, and leverage messaging extension capabilities, enhancing the overall user experience.

In this sample we are assuming the OAuth 2 provider is Azure Active Directory V2 (AADv2) and are utilizing the Microsoft Graph API to retrieve data about the user. Check here for information about getting an AADv2 application setup for use in Azure Bot Service. The scopes used in this sample are the following:

  • email
  • openid
  • profile
  • Mail.Read
  • User.Read
  • User.ReadBasic.All
  • Mail.Send.Shared

Included Features

  • Bots
  • Message Extensions (with teams sso)
  • Search Commands

Interaction With Messaging Extension Auth

msgext-search-auth-config

Try it yourself - experience the App in your Microsoft Teams client

Please find below demo manifest which is deployed on Microsoft Azure and you can try it yourself by uploading the app manifest (.zip file link below) to your teams and/or as a personal app. (Uploading must be enabled for your tenant, see steps here).

Messaging Extension Auth: Manifest

Prerequisites

Description

  • Teams Messaging Extension Auth Configuration [Microsoft Entra Authentication] for search, action and link unfurling combined in the sample.
  • Add Authentication to your Bot

Run the app (Using Microsoft 365 Agents Toolkit for Visual Studio)

The simplest way to run this sample in Teams is to use Microsoft 365 Agents Toolkit for Visual Studio.

  1. Install Visual Studio 2022 Version 17.14 or higher Visual Studio
  2. Install Microsoft 365 Agents Toolkit for Visual Studio Microsoft 365 Agents Toolkit extension
  3. In the debug dropdown menu of Visual Studio, select Dev Tunnels > Create A Tunnel (set authentication type to Public) or select an existing public dev tunnel.
  4. In the debug dropdown menu of Visual Studio, select default startup project > Microsoft Teams (browser)
  5. Right-click the 'M365Agent' project in Solution Explorer and select Microsoft 365 Agents Toolkit > Select Microsoft 365 Account
  6. Sign in to Microsoft 365 Agents Toolkit with a Microsoft 365 work or school account
  7. Set Startup Item as Microsoft Teams (browser).
  8. Press F5, or select Debug > Start Debugging menu in Visual Studio to start your app
    image
  9. In the opened web browser, select Add button to install the app in Teams

If you do not have permission to upload custom apps (uploading), Microsoft 365 Agents Toolkit will recommend creating and using a Microsoft 365 Developer Program account - a free program to get your own dev environment sandbox that includes Teams.

Setup

Note these instructions are for running the sample on your local machine, the tunnelling solution is required because the Teams service needs to call into the bot.

1. Setup for Messaging Extension Auth

Refer to Bot SSO Setup document.

  1. Clone the repository

    git clone https://github.com/OfficeDev/Microsoft-Teams-Samples.git

  2. If you are using Visual Studio

    • Launch Visual Studio
    • File -> Open -> Project/Solution
    • Navigate to samples/msgext-search-auth-config/csharp folder
    • Select TeamsMessagingExtensionsSearchAuthConfig.csproj or TeamsMessagingExtensionsSearchAuthConfig.slnfile

  3. Run ngrok - point to port 3978 (You can skip this step, if you have already run ngrok while doing SSO setup)

    ngrok http 3978 --host-header="localhost:3978"

    Alternatively, you can also use the dev tunnels. Please follow Create and host a dev tunnel and host the tunnel with anonymous user access command as shown below:

    devtunnel host -p 3978 --allow-anonymous

  4. Update the appsettings.json configuration for the bot to use the MicrosoftAppId, MicrosoftAppPassword, MicrosoftAppTenantId generated in Step 1 (App Registration creation). (Note the App Password is referred to as the "client secret" in the azure portal and you can always create a new client secret anytime.)

    • Set "MicrosoftAppType" in the appsettings.json. (Allowed values are: MultiTenant(default), SingleTenant, UserAssignedMSI)
    • Set "ConnectionName" in the appsettings.json. The Microsoft Entra ID ConnectionName from the OAuth Connection Settings on Azure Bot registration
    • Set "SiteUrl" in the appsettings.json. The ngrok forwarding url (ie https://xxxx.ngrok-free.app) from starting ngrok and if you are using dev tunnels, your URL will be like: https://12345.devtunnels.ms.

  5. Run your bot, either from Visual Studio with F5 or using dotnet run in the appropriate folder.

  6. This step is specific to Teams.

    • Edit the manifest.json contained in the AppManifest folder to replace your Microsoft App Id (that was created when you registered your bot earlier) everywhere you see the place holder string <<YOUR-MICROSOFT-APP-ID>> (depending on the scenario the MicrosoftAppId may occur multiple times in the manifest.json)
    • Edit the manifest.json for validDomains with base Url domain. E.g. if you are using ngrok it would be https://1234.ngrok-free.app then your domain-name will be 1234.ngrok-free.app and if you are using dev tunnels then your domain will be like: 12345.devtunnels.ms.
    • Zip up the contents of the AppManifest folder to create a manifest.zip (Make sure that zip file does not contains any subfolder otherwise you will get error while uploading your .zip package)
    • Upload the manifest.zip to Teams (In Teams Apps/Manage your apps click "Upload an app". Browse to and Open the .zip file. At the next dialog, click the Add button.)

Note: If you are facing any issue in your app, please uncomment this line and put your debugger for local debug.

Running the sample

Once the Messaging Extension is installed, click the icon for Config Auth Search in the Compose Box's Messaging Extension menu to display the search window. Left click to choose Settings and view the Sign-In page.

Adding bot UI:

Zero install link unfurling card

zero install

3-ME-Open

4-ME-Search-Config

5-ME-Login-Page

6-ME-LoggedIn

Deploy the bot to Azure

To learn more about deploying a bot to Azure, see Deploy your bot to Azure for a complete list of deployment instructions.

Further reading