I've put together the authentication flow for Tabs with the signin start page, end page and getting the token back from my Identity Provider (Cognito in this case)
Now I have this token. Initially, I figured I'd simply store it in localStorage and refer to it, but it seems that Teams clears the storage everytime you refresh a Tab.
As a result, my user gets the login flow again when they switch tabs.
How do you store the token (or ANY info for that matter) to access from all tabs? Or from chats? Bots?
How about Bots info if the token is obtained through the Bot OAuth card?
The examples are so unclear and not even close to the code given by the MS Teams Toolkit from VSCode...
Thanks everyone!
Related
I have used this sample to integrate a bot in MS Teams
https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/csharp_dotnetcore/46.teams-auth
I needed to configure a third party OAuth provider and had all sorts of trouble doing so. Thanks to a smart gentleman on another thread, I am now able to authenticate my user with such provider.
Here's a quick example of the conversation flow. Don't mind the buttons in French, Oui is Yes and Non is No. On first boot of the application, when I click on the Sign In button, my provider's authentication windows opens and shows the auth form just fine.
However, when it comes time to logout the user and I type "logout" as indicated within this code sample
If I type anything else to log back in, I am instantly showed that I'm logged in, the authentication window opens and closes instantly and my token remains obtainable. How do I go about actually clearing that token? I don't feel like this is the intended behaviour, as shown by the docs here:
Do I have to clear it manually? If so, how should I approach this?
Thanks for any help you can provide on this
Note: I have tried to revert back to the default sample, with an AzureAD v2 connection and the result is the same. I login just fine with my Azure AD account, but the token persists even after a logout.
EDIT
Following the sugestions, here are additional screenshots
This is some info from the Context object passed down to the Interrupt
This is the content of the AuthenticationContext available in the Context object above
Note that I get my Success when I call the logout endpoint that was suggested
My current application access one of the Google APIs using "3-legs" OAuth 2.0. User authorizes the app on Google consent screen, then the app requests API on behalf of the user and shows him some fancy data loaded from API. Everyday my application loads and transforms data from this API, so when the user comes next time, he sees the most relevant and actual data.
Everything works fine on the start, but as time goes, I faced two problems:
1. Query limits.
2. Token lifetime.
My question is dedicated to the second one, that I refer as "token lifetime". After some amount of time, the access token expires, and when user comes back to the app, our app obliged to send him to consent screen again. Moreover, all the time while access token has been in expired state, my app cannot load relevant data for user.
How can I solve this problem? How to continue lifetime of access/refresh tokens? Would Service account help? Would Service account work for Google Search Console API for every user, or should the user be a G Suite user inside my domain or what?
These questions are completely unclear from the official documentation here and from the Search Console API documentation.
If you have past experience with Google's APIs, please help me!
Thank you
When you use OAuth with user-consent, you do not need to prompt the user for consent repeatedly.
[a] If your usecase is entirely online and you want to be able to request a token each time the user visits your app, use the Google Sign In library or see this documentation for client-side apps.
[b] If your usecase is that you want to be able to obtain access tokens even when the user is not present, then you need to request an authorization code and store your refresh token. Your refresh tokens are longer-lived tokens and can be exchanged periodically for access tokens.
I have a bot running on a hosting page where users are logged in using SSO.
I want to authenticate the user in the bot automatically when the bot starts and I do not want to use anAuthCard to do it. Just want to automatically authenticate the user without prompting anything to him, just using SSO.
I found an article that refers three ways to authenticate an user in the bot:
Sharing the client's user token directly with the bot via ChannelData
Using an OAuthCard to drive a sign-in experience to any OAuth provider
A third option, called Single Sign-On (SSO), that is in development.
And, according to the article my situation is:
WebChat in an authenticated website where the user is already signed in and the website has a token to the same identity provider but to a different app that the bot needs -> in the future, this is single sign-on, but for now you 'll need to use an OAuthCard.
Is there any update about this functionality? How can I authenticate the user into the bot without using an OAuthCard or a SigninCard?
Thanks in advance
Not sure if you have tried the option of using WebChat with Azure Bot Service’s Authentication which provides built-in authentication capability to authenticate chat users with various identity providers such AAD, GitHub, Facebook, etc.
If you are looking for this built-in feature, then probably you need to build your own custom built solution using Google sign-in by passing the token ID of the authenticated users. Or for an Account linking OAuth2 solution as explained in this link: How to implement Login in Dialogflow chatbot.
Microsoft guys Are looking at the issue now. you can track the progress here.
I implemented a solution that worked for me. I have the bot running in a .net core web app
Here's what I did:
Generate an userId before initializing the BotApp
When the user clicks on the button to open the webchat, I'm opening an authenticated controller in a popup that receives the generated userId. The page is authenticated, so you will need to authenticate. I store the userId in my DB, along with access_token and some user information. The controller should be created in the same webapp where the bot is running.
After storing all the information I close the tab and start the BotApp with the generated userId
In bot code you will be able to query your DB (using userId).
To wait until the popup close, you can have a look into this here.
I hope that this helps someone.
Best regards
What is the best practice for refreshing JWT Tokens in Xamarin?
We use Jason Web Tokens to login to our API. The tokens expire after some time. As the user should not have to login every time the token expires, the Xamarin app should automatically refresh the tokens in the background. If anything is wrong - for instance the user changed his password on another device - the user should get navigated back to the login page.
Should we use the Task Parallel Library for this?
I've integrated Spring Security OAuth in my JAVA backend so that my mobile Android application (using the Facebook Login SDK) can benefit from Facebook Login. In the current flow, the APP uses Facebook Login SDK to fetch an access token from Android, and then passes to the JAVA/Spring backend. Then, another OAuth access token (specific to our backend) is issued and sent back to the application.
I wish I could automate the testing, in other words being able to generate fresh Facebook access tokens. And then test the whole stuff into the access to resources on my backend. My entry point is a Facebook access token.
I've failed in generated on-the-fly access tokens, then looked into never expiring tokens, I could hard-wire in my tests.
However, I've failed in generating never-expiring tokens : at best, changing a short-lived token to a long-lived token returns a token valid for 2 months only.
I've also tried https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxxxxxx&redirect_uri=http://www.xxxx.com&granted_scopes=email,public_profile , but this only works when my cookies are available (only works from my web browser).
Also tried getting a device code, but I was stuck at the point where I had to "simulate" the user submitting the code into the web form.
Is there a known way to automate the testing ?
As #The1Fitz explained, "you cannot get a never expiring token anymore. You will need to make do with the maximum 2 month expiry date."