microsoft / botframework-sdk

Bot Framework provides the most comprehensive experience for building conversation applications.

OAuthPrompt.SendOAuthCardAsync fails due to endpoint error

sandrock opened this issue · comments

Version

What package version of the SDK are you using.

    Top-level Package                               Requested   Resolved
    Microsoft.Bot.Builder.Dialogs                   4.19.3      4.19.3
    Microsoft.Bot.Builder.Integration.AspNet.Core   4.19.3      4.19.3
    Microsoft.Graph                                 5.10.0      5.10.0
    Microsoft.Graph.Core                            3.0.6       3.0.6

Describe the bug

The endpoint https://api.botframework.com/api/botsignin/GetSignInResource intermittently fails and returns a 404 with this message:

{"error": {"code": "ServiceError","message": "Bot does not exist"}}

To Reproduce

I created a project based on the Teams authentication sample. The bot tries to ask the user for authentication using the OAuthPrompt.SendOAuthCardAsync method. The endpoint fails ~95% of the time. Sources and extra info here.

Expected behavior

The endpoint succeeds a few times a day. Meaning the request might be okay. I think the endpoint has a problem.

Additional context

I created this Stack Overflow post: BotFramework-Teams-Authentication issue GetSignInResource fails often, but it says that Stack Overflow is more for "how-tos". Considering the problem is a bug, I think it is better to post it here.

Tracking Status

Dotnet SDK TODO

  • PR
  • Merged

Javascript SDK TODO

  • PR
  • Merged

Python SDK TODO

  • PR
  • Merged

Java SDK TODO

  • PR
  • Merged

Samples TODO

  • PR
  • Merged

Docs TODO

  • PR
  • Merged

Tools TODO

  • PR
  • Merged

Thanks @sandrock, I'm investigating.

I created a new app (AAD app + azure bot + teams manifest) again and the same issue occurs.

This appears to be a services issue.
I will notify the services team about this issue for further investigation.

Also, what is your Azure Bot Region location?

CC @boydc2014.

The OAuthPrompt.SendOAuthCardAsync method intermittently fails due to an endpoint error.
Could you please assist us in investigating this issue from the services side?

Thank you.

This appears to be a services issue. I will notify the services team about this issue for further investigation.

Thanks.

Also, what is your Azure Bot Region location?

When creating the bot, I chose "West Europe".

Hi @sandrock,

For "West Europe" bots, there may be additional configurations for the OAuth.
I wonder if this issue might be related to microsoft/botbuilder-js#4418 (comment)

For a dotnet bot project, could you please add the following additional configurations to see if it resolves this issue:

    "BotOpenIdMetadata": "https://login.botframework.com/v1/.well-known/openidconfiguration",
    "ValidateAuthority": "true",
    "ToChannelFromBotLoginUrl": "https://login.microsoftonline.com/botframework.com",
    "ToChannelFromBotOAuthScope": "https://api.botframework.com",
    "ToBotFromChannelTokenIssuer": "https://api.botframework.com",
    "OAuthApiEndpoint": "https://europe.api.botframework.com",
    "ToBotFromChannelOpenIdMetadataUrl": "https://login.botframework.com/v1/.well-known/openidconfiguration",
    "ToBotFromEmulatorOpenIdMetadataUrl": "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration",
    "CallerId": "urn:botframework:azure"

Hi. I tried the configuration bit. The bot fails 100% of the time with this issue:

fail: Microsoft.AspNetCore.Server.Kestrel[13]
Connection id "0HMRSHJMS20RP", Request id "0HMRSHJMS20RP:00000002": An unhandled exception was thrown by the application.
System.ArgumentNullException: Value cannot be null. (Parameter 'uriString')
at System.Uri..ctor(String uriString)
at Microsoft.Bot.Connector.Authentication.UserTokenClientImpl..ctor(String appId, ServiceClientCredentials credentials, String oauthEndpoint, HttpClient httpClient, ILogger logger)
at Microsoft.Bot.Connector.Authentication.ParameterizedBotFrameworkAuthentication.CreateUserTokenClientAsync(ClaimsIdentity claimsIdentity, CancellationToken cancellationToken)
at Microsoft.Bot.Builder.CloudAdapterBase.ProcessActivityAsync(AuthenticateRequestResult authenticateRequestResult, Activity activity, BotCallbackHandler callback, CancellationToken cancellationToken)
at Microsoft.Bot.Builder.CloudAdapterBase.ProcessActivityAsync(String authHeader, Activity activity, BotCallbackHandler callback, CancellationToken cancellationToken)
at Microsoft.Bot.Builder.Integration.AspNet.Core.CloudAdapter.ProcessAsync(HttpRequest httpRequest, HttpResponse httpResponse, IBot bot, CancellationToken cancellationToken)
at TeamsBot.Controllers.BotController.PostAsync() in BotController.cs:line 37

Quick analysis:

  • the URL given to UserTokenClientImpl via the oauthEndpoint parameter seems to be empty
  • this url is set in a private field ParameterizedBotFrameworkAuthentication._oAuthUrl
  • not sure how it gets there from the configuration file

Hi @sandrock,

I was able to reproduce this issue and confirm this issue only occurs for Azure bots with region set to West Europe.

I resolved this issue by adding the following configuration to appsettings.json:

  "OAuthUrl": "https://europe.api.botframework.com",
  "BotOpenIdMetadata": "https://login.botframework.com/v1/.well-known/openidconfiguration",
  "ValidateAuthority": "true",
  "ToChannelFromBotLoginUrl": "https://login.microsoftonline.com/botframework.com",
  "ToChannelFromBotOAuthScope": "https://api.botframework.com",
  "ToBotFromChannelTokenIssuer": "https://api.botframework.com",
  "ToBotFromChannelOpenIdMetadataUrl": "https://login.botframework.com/v1/.well-known/openidconfiguration",
  "ToBotFromEmulatorOpenIdMetadataUrl": "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration",
  "CallerId": "urn:botframework:azure"

Also for West Europe bots, please make sure the Azure Bot Redirect URI is set to:
https://europe.token.botframework.com/.auth/web/redirect

@sandrock, could you please try adding the updated configuration values in appsettings.json to see if that addresses the issue?
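A preflight check for the settings discussed in the comment above, as an added example (not code from the Bot Framework SDK or from anyone in this thread). It assumes the .NET adapter takes the endpoint from OAuthUrl, as the working configuration above suggests; check_settings, region and the host allow-list are hypothetical names built from the values quoted in the thread.

```python
import json
from urllib.parse import urlparse

# Hosts taken from the configuration quoted in this thread.
ALLOWED = ("botframework.com", "login.microsoftonline.com")
URL_KEYS = ("OAuthUrl", "BotOpenIdMetadata", "ToChannelFromBotLoginUrl",
            "ToChannelFromBotOAuthScope", "ToBotFromChannelTokenIssuer",
            "ToBotFromChannelOpenIdMetadataUrl",
            "ToBotFromEmulatorOpenIdMetadataUrl")

def region(url):
    """First label of a regional host such as europe.api.botframework.com."""
    labels = (urlparse(url).hostname or "").split(".")
    return labels[0] if len(labels) == 4 else None  # None for global hosts

def check_settings(settings, redirect_uri=None):
    """Return findings for the auth overrides in a parsed appsettings.json."""
    findings = []
    if not settings.get("OAuthUrl"):
        if "OAuthApiEndpoint" in settings:
            findings.append("OAuthApiEndpoint set without OAuthUrl")
        elif any(settings.get(k) for k in URL_KEYS):
            findings.append("auth overrides set without OAuthUrl")
    for key in URL_KEYS:
        value = settings.get(key)
        if not value:
            continue
        url = urlparse(value)
        host = url.hostname or ""
        if url.scheme != "https":
            findings.append(f"{key}: not https")
        elif not any(host == s or host.endswith("." + s) for s in ALLOWED):
            findings.append(f"{key}: unexpected host {host}")
    if redirect_uri and settings.get("OAuthUrl"):
        if region(settings["OAuthUrl"]) != region(redirect_uri):
            findings.append("OAuthUrl and redirect URI regions differ")
    return findings

# Constructed sample: the first configuration suggested in the thread, trimmed.
SAMPLE = json.loads("""{
  "OAuthApiEndpoint": "https://europe.api.botframework.com",
  "ToChannelFromBotLoginUrl": "https://login.microsoftonline.com/botframework.com",
  "ToBotFromChannelTokenIssuer": "https://api.botframework.com"
}""")

if __name__ == "__main__":
    for finding in check_settings(SAMPLE):
        print(finding)
```

Running it against the first suggested configuration reports the missing OAuthUrl, which is the condition behind the ArgumentNullException reported earlier in the thread.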

Hi @sandrock, any status updates?

Hi, I am solving the issue with a Microsoft Support Engineer.

We are trying configuration changes, like the ones you are providing, but to no avail as of now.

I will post an update here when the issue is solved.

Closing due to inactivity. Please reopen if further assistance is needed.

Hey everyone, I'm facing the same issue right now, but using TypeScript. The Azure Bot service is also deployed in West Europe. Is there a solution for JavaScript / TypeScript available?

The redirect URL is already set to https://europe.token.botframework.com/.auth/web/redirect

Hi.

The issue was partially solved on my side with the help of a Bot Framework support engineer.

The configuration thing above was required. Also, the redirect URL needed to be set in the Azure app registration.

Then we ran into an issue with the Teams user consent popup. It did not work properly. The callback on the continue button was never received by the bot. Fixing this would involve opening an issue with Teams support, which we did not do. Do you think that this is your current issue?

Instead, we used the "grant Admin consent for organization" to skip user consent in Teams (a button somewhere in Azure App Registration). In my bot, I do user consent in-dialog.

Hey @sandrock ,

thanks for the quick response. We are not using .Net but TypeScript for our bot. Even when using the configuration above as well as the redirect URL it is still not working. Just opened a ticket @ MS to receive some support.

In Teams, we are not receiving anything. Not even a card. The dialog status just stays at "WAITING". When trying to run it locally using the Bot Framework Emulator, we receive the login card. However, the inspector of the Emulator is now stating:

[15:18:07]Failed to generate an actual sign-in link: Error: Not Found
[15:18:07]Falling back to emulated OAuth token.

Hope to find the root cause of this quickly.

Just to add to this, I have been developing a Teams bot in C# based on one of the samples, and it used OAuth authentication; this has been working fine for about a month.

Yesterday, all of a sudden, this stopped working and I'm getting 404 errors when showing the OAuthPrompt:
The OAuth prompt trying to retrieve the token:
https://api.botframework.com/api/usertoken/GetToken?userId=&connectionName=&channelId=msteams

And then because of the 404 error trying to get the token, then trying to get the sign in resources:
https://api.botframework.com/api/botsignin/GetSignInResource?state=
which is also returning a 404 error.

I tried everything, but just now created a new app registration and bot from scratch in the Azure portal; this time, instead of "West Europe" for the bot, I chose "Global". I linked the bot up with my sample application and it works again as expected.

Edit: I just re-created a new bot with West Europe as the location and the bot failed as above. I then deleted the bot and created one with "Global" and it worked. There is surely something wrong here from MS end?

This is definitely an issue on Microsoft's end, as the app works fine with the new bot and nothing else has changed at all.