MS Teams Webhook ActionCard HttpPost get the user who submitted the post - microsoft-teams

I have a incoming webhook that I sent a messageCard with several actioncards. I know how to post the data and value back to my server endpoint. I need to get the username of the user who pushed the button to submit the httppost. Here is the actioncard part of the code. It works. I just need to also know who submitted it, the MS Teams username.
{
"#type": "ActionCard",
"name": "Skip",
"inputs": [{
"#type": "TextInput",
"id": "skip",
"isMultiline": True,
"title": "Add a skip reason here"
}],
"actions": [{
"#type": "HttpPOST",
"name": "skip",
"target": "",
"body":"{"action":"skip","body":"{{skip.value}}}"}"
}]
}

Currently UPN is not sent part of the JSON body/payload, however it can be retrieved by decoding JWT token in Authorization header part of sender verification:
Service can validate the JWT and then extract claims and get the UPN as per below:
Security requirements for actionable messages - Outlook Developer | Microsoft Docs.
Also if you go through the Connector documentation, you’ll see that the ‘sub’ parameter contains the Azure AD object ID. You can then call Get users Graph API to get the user details from AAD Id.

Related

Create MSTeams Personal chat with customized name

We are trying the following payload using MSTeams Bot access Token to create the Personel chat Room with the provided topicName.
Request : POST /v3/conversations
{
"bot": {
"id": "28:XXXXXXXX-a2Xe-460b-8793-XXXXXXXXXXXX",
"name": "XXXXXXXX"
},
"isGroup": false,
"members": [
{
"id": "29:18KXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"name": "Jane"
}
],
"topicName": "News",
"tenantId": "XXXXXX-XXXX-XXX-829b-5131e9a77XXX"
}
In response we got the resource id and we can post Bot message using that Id. But that message is always shown in the Personal Chat \room and it is not creating c chat with the topicName.
Is there any other permissions we need to add ?
To create a chat with customized name you should have minimum 3 participants[Including you]. In the above request only one user is there, that is why it becomes one-one personal chat between you and Jane.

Slack API: How to determine which human user owns a Legacy API token

When using a legacy token in slack I want to determine which user account owns this application. The information is not directly in the bot.info:
{
"ok": true,
"bot": {
"id": "foobar",
"deleted": false,
"name": "Slack API Tester",
"updated": 123456789,
"app_id": "A123"
}
}
Could I use the bot.id or bot.app_id objects to find who owns this application? If so which api call would I use.
To determine which user owns any token (incl. legacy token) just call the auth.test endpoint with that token. You will get the user ID and name of the token owner.
Example response from documentation:
{
"ok": true,
"url": "https://subarachnoid.slack.com/",
"team": "Subarachnoid Workspace",
"user": "grace",
"team_id": "T12345678",
"user_id": "W12345678"
}
If you need more info about the user you can call users.info for that user with his ID. Since you are using a legacy token you will have the necessary permissions.

Outlook REST API - Send As

I am currently using the Outlook REST API to send email. This is working fine when sending from a user mailbox such as:
https://outlook.office.com/api/v2.0/users/user#domain.com/sendMail
'user#domain.com' is the UPN of a valid user account in Azure AD.
What I need to do is 'send as' a shared mailbox. According to the documentation this can be achieved by changing the 'From' property in the JSON request body. An example would be:
{
"Message": {
"Subject": "Email Unit Test",
"Body": {
"ContentType": "HTML",
"Content": "Message body"
},
"ToRecipients": [
{
"EmailAddress": {
"Address": "recipient#somehost.com"
}
}
],
"Attachments": [
],
"From": {
"EmailAddress": {
"Address": "shared_mailbox#domain.com"
}
},
"Sender": {
"EmailAddress": {
"Address": "user#domain.com"
}
}
},
"SaveToSentItems": "false"
}
Now, when I give user#domain.com 'Send As' and 'Send On Behalf Of' access to the shared mailbox this works. The recipient gets an email with the from field saying 'user#domain.com On Behalf Of shared_mailbox#domain.com'. What I want however is for the email to appear as being sent from shared_mailbox only without the on behalf of user. To test this out further I removed the 'Send On Behalf Of' access and left 'Send As' access only. In the API I now get an error:
{
"error": {
"code": "ErrorSendAsDenied",
"message": "The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message."
}
}
Interestingly though, in my Outlook client I can still send an email from the shared mailbox and it works as expected with no 'on behalf of' in the From field. I'm starting to wonder whether this is a limitation of the REST API however there is nothing in the Microsoft docs to suggest this.
Has anyone had similar experiences with the REST API?
I tried to do the same thing and it seems the REST API allows you to implement "send on behalf of" but not "send as" feature.

Microsoft botframework and slack channel

How do I get the url/team name from a bot framework activity/context? Currently I can get the TeamId but can that be translated into the text string for the teams name?
For example testteam.slack.com, how can I extract the "testteam" part from bot framework messages?
As already mentioned you can call the Slack API method team.info to get the domain name for a team. However, that requires your token to have specific scopes, which you might not have.
It's therefore better to call auth.test, because it does not require any special scopes (except the bot scope for a bot token, but that is implicit). This API method will return the full URL of the Slack team along with other basic info for the provided Slack token.
Note that you need a Slack token corresponding with the team you want to get the info for. The team ID alone is not sufficient to get info about a team. (same for team.info btw). I am not familiar with the botframework, but since it works with Slack it must have a method to retrieve the current Slack token.
Example output:
{
"ok": true,
"url": "https:\/\/subarachnoid.slack.com\/",
"team": "Subarachnoid Workspace",
"user": "grace",
"team_id": "T12345678",
"user_id": "W12345678"
}
You are looking for team.info method in Slack API, that you can query with your Bot User OAuth Access Token (visible in OAuth & Permissions menu, and also available in each bot message in the ChannelData, property named ApiToken).
You can get details about this method here: https://api.slack.com/methods/team.info
In particular, have a look to domain field in the response sample:
{
"ok": true,
"team": {
"id": "Txxxxxx",
"name": "BotDemoCompany",
"domain": "botdemocompany",
"email_domain": "xxxxxxx.com",
"icon": {
"image_34": "https:\/\/a.slack-edge.com\/xxx.png",
"image_44": "https:\/\/a.slack-edge.com\/xxx.png",
"image_68": "https:\/\/a.slack-edge.com\xxx.png",
"image_88": "https:\/\/a.slack-edge.com\/xxx.png",
"image_102": "https:\/\/a.slack-edge.com\/xxx.png",
"image_132": "https:\/\/a.slack-edge.com\/xxx.png",
"image_230": "https:\/\/a.slack-edge.com\/xxx.png",
"image_default": true
}
}
}

Integrating Microsoft team into my web app

I have a web app where if a user signs up, a notification is sent to the slack channel. I want to achieve the same thing in Microsoft team but I cant find any good resources. When a new user signs up, a message will be posted into the microsoft team group.Will it be possible to do this?
This can be easily achieved in Microsoft Teams using Connectors.
Here are the steps to post data to any channel:
In Microsoft Teams, choose the More options (⋯) button next to the
channel name in the list of channels and then choose Connectors.
Add an Incoming webhook and copy the webhook URL.
You can post Message Card given below to this URL using
Postman/Fiddler/Code.
{
"summary": "Alert!",
"themeColor": "0078D7",
"sections": [
{
"activityTitle": "Web app event",
"text": "Something happened in the web app!"
}],
"potentialAction": [
{
"#type": "OpenUri",
"name": "View event",
"targets": [
{ "os": "default", "uri": "http://mywebapp.com/path/to/event" }]
}]
}
You can also Build your own Connector with custom configurations.

Resources