I'm trying to get my Cortana Skill (from a Web based Bot) to play a specific album on Groove.
Playing the album can be achieved with a Deep Link like this one, although if you try it you will probably just launch the Windows Store.
That happens because that link requires you to be authenticated in the music.microsoft.com endpoint. But invoking the Deep Link from Cortana's LaunchUri laves no room for setting an Authorization header, so there's really no way to guarantee that the user will be have previously authentified.
Is it possible to make this work seamlessly by persisting the auth token and passing it through Cortana somehow?
Related
I am showing a wordpress website in iframe inside Microsoft teams Tabs. is there any way to detect the loggedIn user in my website?
If you are able to wrap your website inside a Teams app (which you can do for example very easily using App Studio, then you could surface your website as a "Tab" app. Doing this means you can reference the Teams JS library in your code, which will enable you to get a context object. You can get a lot of user information from that.
Be aware though that this context is not really 'trusted' data (it's just inserted via Javascript), so it could be spoofed into your page by a malicious actor. If that's a problem, you should look to implement Tab SSO in your app, which will give you a proper JWT token that you can validate.
I'm creating a MS Teams bot which periodically checks the users' Outlook calendar by background threads spawned after the user logs in via OAuthPrompt.
To implement the feature, it seems that I have to configure an OAuth connection setting and an app registration supporting offline_access. Then, get a refresh token when getting an access token, according to Get access on behalf of a user.
But as long as I tried the example bot, the result of OAuthPrompt doesn't contain a refresh token. And I couldn't find the documented way to get it.
How can I achieve the goal? Do I need some hack on OAuthPrompt or some related classes? Do I have to build cards from scratch?
I concluded that we can't get refresh_token with OAuthPrompt from investigation. So I made up with a different way to achieve the goal.
The key idea is creating a tiny web app just for the "Sign in with Microsoft account" feature, which can easily get refresh_token as ordinary web apps.
Here is the example app: https://github.com/igrep/example-teams-bot-with-ms-account-refresh-token
The sample which you are using is for most of the channels, but Teams behaves differently. An Invoke Activity is sent to the bot rather than the Event Activity used by other channels. This Invoke Activity must be forwarded to the dialog if the OAuthPrompt is being used.
Refer to this documentation for adding authentication to your MS Teams bot, which makes use of Teams-auth sample.
For a better understanding of how OAuth works in MS Teams, you can refer to this documentation which explains the authentication flow.
Hope this helps!!
alwaysPrompt flag should be false. Then OAuth prompt will get refresh tokens silently without prompting login card.
Please refer the answer on github about this isse.
Bot composer OAuth refresh token
Another idea has flashed into my mind while writing this comment: running a dialog including OAuthPrompt in a TurnContext made with a ConversationRefrence, which is saved and passed to the background thread, may work. (But I have no time and no motive to try!)
In my case, I needed the refresh_token to get access tokens for other Microsoft resources like Exchange,
the solution was to use
const tokenResponses = await context.adapter.getAadTokens(context, this.connectionName, [
"https://outlook.office365.com",
"https://graph.microsoft.com",
]);
We are using BotFramework Composer to create bots. These bots are supposed to get information from a backend REST service, where we need to know, which user is submitting the request for data. We are currently using {turn.activity.from.id} to get the Teams user's id, and sending it in a special http header in the "Send an HTTP request" action. We then perform a mapping of this id to our internal users.
We are, of course, aware, that this is not secure at all, since anyone who knows this, could get the user's id and send it to our service. We are currently thinking along the lines of generating a short-lived jwt token in the Bot to send to our application. However, we see no direct way of implementing this token generation in the Bot Framework Composer itself.
Also, we don't want to use OAuth, because we don't want the user to have to log in via the bot.
Is there a way to implement custom token generation using C# or js and assigning it to a dialog variable to be used in a "Send an HTTP request" action?
This document discusses how to implement an HTTP request in Composer. The first half is focused on creating a login for OAuth, which I know is not your focus, so look at the second half. If you set up a simple server that can generate a token for you, then you can make a request to it from Composer using the method described.
As links can break and docs can change (and Composer is still in Preview), I would recommend saving the doc somewhere and checking back every so often for any updates.
I've used HTTP requests from within Composer, myself, so I know this will work for you.
Hope of help!
You can create a custom Action or a package component and create any c# methods there for JWT generation. This will keep it all local to the bot.
https://learn.microsoft.com/en-us/composer/how-to-create-custom-actions
From my understanding, the OAuthPrompt requires a connection name. To create this, I need to make use of the Bot Channels Registration (as per the documentation). However, this seems to require me to create an Azure account and enter my payment card details. I would like to avoid entering my details if possible as I would not like to be charged for using any Azure services. Is there any way to avoid this?
If I must manually handle the OAuth process, I would like my sign-in to pop up in a small window like the "Allow" button triggers within the Who bot. I have tried SignIn cards which I have read just don't work in teams, and I have also tried OpenUrl type actions in a card which, when pressed, open the URL in my browser as opposed to a pop-up. How can I achieve this?
You can create a Bot Framework bot (only for Microsoft Teams) using the guidance here: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/bots/bots-create. To summarize that article, you can use this endpoint to create a non-Azure bot: https://dev.botframework.com/bots/new
If you chose to use the Azure Bot Framework, you will not be charged for the Bot Framework if Microsoft Teams is your only channel (this does NOT include your web service if you chose to host your bot code on Azure, although you can chose a free tier to avoid any charges).
For authentication, see this section of the MS Teams documentation: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/authentication/authentication. Depending on how you chose to implement your authentication, there are a few articles in that section that may apply. The OAuth card does work in Teams (not the free version, does not work with guest accounts, and only works for Azure bots).
For authentication, if you're redirecting to a different domain make sure you add it to the validDomains in your app manifest.
I am following the tutorial located here: https://developer.xamarin.com/guides/xamarin-forms/cloud-services/authentication/oauth/
I got to the step titled: Presenting the Sign-In User Interface.
It says that, "When the Login method is invoked, the sign-in user interface is presented to the user in a tab from the device's web browser."
Now is this really the process when using Xamarin?
Because the other apps I've downloaded and played with don't open the browser and then open a new tab to give me a choice of which account to choose. Those apps pop up a small page on top of the app and allows me to select an account.
If this Xamarin process is different I am not going to use it when developing my app. Please clear this up for me thanks.
There is no such thing as as "Xamarin's way of oAuth".
oAuth is about authenticating users through 3rd parties like Google, Facebook, Twitter etc. There are different oAuth flows which are mostly used: the implicit grant and the authorisation code grant. For mobile apps the implicit flow is common because auth code flow involves the app keeping a secret which a mobile cannot really guarantee. For a great overview of these flows I can recommend this lecture from Xamarin.University.
These flows are the same no matter which underlying development stack you are using.
The documentation you are referring to is using a library to help using these flows: Xamarin.Auth. As a matter of fact you don't have to use this library at all. This library helps with storing tokens, sending requests that include the required tokens, detect endpoint redirects etc. Part of using this library is presenting the UI where the 3rd party vendors login form is shown.
This is what you do when calling:
var presenter = new Xamarin.Auth.Presenters.OAuthLoginPresenter();
presenter.Login(authenticator);
The actual implementation of presenting the UI is platform specific. On iOS the UI os shown modally if that's how you are coding it. If you change this code to show the UI as a small popup floating on top of existing content, you can of course do this. This is true for any given platform.