I have a Bot service and a Node JS client that uses the open-source Web chat control. My requirement is that I need to store some user information(like userId) in a browser cookie and send this information to the bot service, so that when user returns to the bot he/she doesn't have to enter user information again. Is there a way to support this requirement with the Web-chat control and Bot service?
My requirement is that I need to store some user information(like userId) in a browser cookie and send this information to the bot service, so that when user returns to the bot he/she doesn't have to enter user information again.
It seems that you’d like to store user information in cookie to remember information about the user and pass user’s specific information to bot service. To store/retrieve user information in cookie, you can create/read cookies via the document.cookie property with JavaScript in client side code.
To pass user’s specific information to bot service, as Nicolas R mentioned in comment, you can send specific event activity with user information via backchannel mechanism. You can get more information about the backchannel mechanism from these articles:
Use the backchannel mechanism
The Backchannel
Related
I have an app that connects with several platforms: Teams, Slack, Google etc.
I want to allow my users to add connections to their existing accounts: for example, if they are Slack only, allow them to connect teams into their same account on my platform.
For all other platforms, I can do this as follows:
Take the application URL (e.g. Slack)
Append a parameter state, with their ID on my platform e.g. SLACK_URL?state=${user.id}
When I then process the connection, the state parameter is supplied as part of the callback from the connected service, and I can identify the relevant user and connect to their account.
Is there a similar process for Teams? I've tried doing the same with the state parameter, and no dice, it doesn't seem to work
How the users connect:
Slack
We present a button that allows the user to authorise with Slack
In the URL of that button we set a parameter state with the users ID
When Slack is authorised, it calls back to our API, and passes that state value along
We then use that to identify the user account the new authorisation belongs to
Teams
We present a button that brings the user to the application install URL in the Teams app store
The user clicks that and goes through the installation process, adding the app to a channel of their choice
What we would like to do is the same as the Slack URL, set a state value with the users ID, and have that passed back to us on the initial installUpdate or membersAdded event from that channel.
Essentially what we'd like to do when connecting a users Teams account is set some metadata on the URL that they use to install the app, and have that sent back to us so we can identify the installing user.
This is common in OAuth flows, you set a state parameter with whatever you want, and that state is passed back on authorization.
i am building a saas website(aspnetcore webapi 2.1+angular js) which allow user to connect thier email account(Gmail,outlook mail..),so they can receive and send email without switching out. i have completed the gmail part smoothly, but when i come to outlook mail, i stucked on the authentication part. what i wan't (and i have already done on Gmail intergration) are :
direct user to the Login page with necessary parameters(tenantid,clientid..)(https://login.microsoftonline.com/common/oauth2/v2.0/authorize.....)
when user is logined in, store the tokens in database, and manage them(get new refreshtoken and accesstoken after expired automatically).
i have read a lot articles on msdn,github,stackoverflow, and found the nearest solution is this one:
https://github.com/jasonjoh/dotnet-tutorial, but it logins the ms user to the my website. i just wan't to popup/redirect the user to microsoft login page, and get the user's accesstoken to get/send thire emails through Microsoft Graphy Api, not login as a microsoft account. i can't found similar code to Google API in MSAL
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
scopes,
tokenId,
CancellationToken.None,
// new FileDataStore(credPath, true)
(IDataStore)userApiTokenRepository //<------------token management
, new LocalServerCodeReceiver(
#"<html>
<head>
<script>
window.onload(function(){window.setTimeout(3000,function(){window.close();}});
</script>
</head><body>Successfully linked with gmail!</body></html>")
).Result;```
the code above will direct to google login page(even it is called via http post from js client), and store them in my customer repository. do i miss something in the MSAL, or i must implent the 0auth flow manually?
To get an access token for MS Graph the user has to sign-in first so you can send their credentials to acquire the token. You cannot bypass the 1st sign-in page.
MSAL can do this for you, by interception the openIdConnect event OnAuthorizationCodeReceived and then calling AcquireTokenByAuthorizationCode with the code received. I would recommend you to take a look at this sample, set a breakpoint on OnAuthorizationCodeReceived and analyze the flow that is happening there.
About implementing the flow manually, it will be a hard task to deal with the token expiration and the security points. I would highly recommend to use MSAL.
I have a bot running on a hosting page where users are logged in using SSO.
I want to authenticate the user in the bot automatically when the bot starts and I do not want to use anAuthCard to do it. Just want to automatically authenticate the user without prompting anything to him, just using SSO.
I found an article that refers three ways to authenticate an user in the bot:
Sharing the client's user token directly with the bot via ChannelData
Using an OAuthCard to drive a sign-in experience to any OAuth provider
A third option, called Single Sign-On (SSO), that is in development.
And, according to the article my situation is:
WebChat in an authenticated website where the user is already signed in and the website has a token to the same identity provider but to a different app that the bot needs -> in the future, this is single sign-on, but for now you 'll need to use an OAuthCard.
Is there any update about this functionality? How can I authenticate the user into the bot without using an OAuthCard or a SigninCard?
Thanks in advance
Not sure if you have tried the option of using WebChat with Azure Bot Service’s Authentication which provides built-in authentication capability to authenticate chat users with various identity providers such AAD, GitHub, Facebook, etc.
If you are looking for this built-in feature, then probably you need to build your own custom built solution using Google sign-in by passing the token ID of the authenticated users. Or for an Account linking OAuth2 solution as explained in this link: How to implement Login in Dialogflow chatbot.
Microsoft guys Are looking at the issue now. you can track the progress here.
I implemented a solution that worked for me. I have the bot running in a .net core web app
Here's what I did:
Generate an userId before initializing the BotApp
When the user clicks on the button to open the webchat, I'm opening an authenticated controller in a popup that receives the generated userId. The page is authenticated, so you will need to authenticate. I store the userId in my DB, along with access_token and some user information. The controller should be created in the same webapp where the bot is running.
After storing all the information I close the tab and start the BotApp with the generated userId
In bot code you will be able to query your DB (using userId).
To wait until the popup close, you can have a look into this here.
I hope that this helps someone.
Best regards
So I'm building a small Slack bot that I want multiple users to be able to use in different Slack teams. So far the workflow is like this:
User signs up on website.
User connects with an API provider and receives their OAuth credentials. The access token for each user is saved in the database.
User adds Slack bot to their team.
With hardcoded API values the bot retrieves the desired data, but what is the best way for the bot to be able to get the appropriate data for each Slack team?
I obviously don't want a user to need to keep signing into the website etc, so how do I associate the slack team with the Laravel user and then pull the relevant API data?
For some example code, imagine that I have a Strava access token stored in my DB for a user and I want to call the API:
$botman->hears('runstats', function ($bot) {
$payload = \Strava\Account::get(
\Auth::user()->strava_id,
array('api_key' => "here_is_a_secret_key")
);
$bot->reply($payload->monthly_kms);
This works fine when I query from my web interface as I'm signed into my website and it spits back 123km as an example.
Obviously when I'm signed into Slack then there's no Auth::user instance and so it cannot find the relevant Strava ID. That's what I want to be able to retrieve for the relevant Slack user. I envisage it being installed in multiple Slack workspaces.
You need to store the relation between a Slack user (with team ID, user ID) and his individual token for each API in your database.
So you have two options when adding new API tokens:
Ensure that the process of adding new tokens for API services is always started on Slack (e.g. with a slash command) and then forward the user to your webpage. Thus your app knows which user it is.
Let users log into your web-page with their Slack credentials (using Slack Sign-in).
Both options require that your Slack app has been previously installed to the relevant team of course.
Is it possible for me to create an application that can send our requests to access to users' Google Calendar so that I can see the events in there and be able to add, edit, and delete events?
I do not want the users to log into my website to enable this access. Rather, I want to be able to send this request, perhaps via email.
Alternatively, perhaps they could log in the web app and authorize access themselves somehow.
One option would be to e-mail the user a link to the OAuth 2.0 consent screen. The users would still need to open the link in a browser, sign in to their Google account (if not already signed in), and click the "Authorize" button to grant your application access to their Google calendar events.
First, you will need to register your application as a Web App in Google's Developer Console (just like for any other application) and obtain a client_id. Be sure to fill in the name of your application and a link to your website in the "OAuth consent screen" section, because these values will be shown to your users when they click the authorization link.
Then, follow these steps:
Send the user an authorization link in an HTML e-mail message. The link should be constructed according to the guidelines in "Redirecting to Google's OAuth 2.0 server", and pay attention to the following aspects:
Ensure that the redirect_uri parameter in the authorization link points to your application.
Since you already know the e-mail address of the user, consider including the login_hint=<email address> parameter to bypass the account selection screen.
Important: provide a value in the state parameter so that you can link this authorization request with the user.
The link should be placed in an <a> tag somewhere in the body of the e-mail: Allow access to my Google calendar
When the user clicks on this link, their browser will open and show the standard Google consent screen:
Once the user has made a choice, their browser will be redirected to the redirect_uri which you have provided.
Make sure that the redirect_uri will work even if the user isn't signed in to your application. Capture the state and authorization_code values which Google appends to the redirect_uri, and then return a confirmation page (e.g. "Thank you for giving us access to your Google calendar" would be a good idea).
Using the state and authorization_code values, follow the rest of the standard OAuth 2.0 flow and retrieve a refresh_token which will allow you to access the user's Google calendar from your application.
Keep in mind that the calendar owner (the user who is clicking the link in the e-mail and granting your application consent to access the calendar) may not even be a user of your application. This is why it is important to provide as much information as possible on the consent screen and in the confirmation page.
Since your confirmation page will be loaded even if the user does not grant your application consent, you could take the opportunity to give the user a full description of why you are asking for access to their calendar and provide a link that will take them back to the consent screen. This should increase your success rate.
Every request your application sends to the Google Calendar API must
include an authorization token. The token also identifies your
application to Google.
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses
Google+ Sign-In, some aspects of authorization are handled for you.
The details of the authorization process, or "flow," for OAuth 2.0
vary somewhat depending on what kind of application you're writing.
For more details on the workflow to gain access click here. Once your app has access, it will be able to view and edit a user's calendar events, depending on the approved permissions.