Comments (9)
Hi @rjgmail88 - it really depends on what information you are looking for. If you only need the AAD object.id of the user sending a message to the bot, then this information is included in the incoming payload of the message. If you want a usable token to do things like make a call to Graph, then you will need to set up an authentication flow similar to this example https://github.com/OfficeDev/microsoft-teams-sample-auth-node - note: the sign in card for a bot mentioned in this example is only available in the Developer Preview mode of Teams. This feature should be moving to the public ring shortly.
from botbuilder-microsoftteams.
@jotrick , thanks. I did some research and found away to grab user info. from conversationId,serviceUrl
by using botbuilder-teams npm.
(session.message.address).serviceUrl,
session.message.address.conversation.id;,
(err, result) => {
session.endDialog('%s', JSON.stringify(result));
}
}
);
I am able to fetch all the information about a user like aadobjectid, name,fullname,email etc. But I'm wondering how by bot is having this info. available in payload. Any ideas ?
The reason I concerned because,
1.My bot has been registered using personal MSA
2.In MS teams I'm logged in as AAD user which is my office email account.
3. I am using 1:1 chat with bot by simply using botId.
from botbuilder-microsoftteams.
Hi - for starters, your code snippet was cut off, so I'm not sure what function you are using, but I'm guessing it is the fetch roster function.
Second, I'm not entirely sure what your concern is. Are you looking for more information or are you concerned as to why your bot has access to this information? If you are looking for more information, then you can authenticate a user in such a way as to get an access token and make Graph calls (we can assist with that). If you are concerned about why your bot has access, it is because you have given the bot "permission" by talking with it.
As for your three points, is the concern that your bot won't be able to link the MSA information with the AAD user? To the system, those are two separate entities so it won't be able to link those unless you devise a way to do that. Bots can be created using MSAs so it is allowed that a bot created by someone outside of your organization can be pulled into that AAD tenant (that is the sort of thing the store is doing). For points 2 and 3, you are logged into Teams with your AAD account and it is that account that is in the chat with the bot in the 1:1 chat - that is what your bot will know you as.
from botbuilder-microsoftteams.
@jotrick , sorry for the inconvenience. Here is the actual code I'm using.
connector.fetchMembers((session.message.address).serviceUrl, conversationId, (err, result) => {
if (err) {
session.endDialog('There is some error to get user from MS teams.');
}
else {
console.log("*******Logged in User by MS teams:******* " + result[0].userPrincipalName);
}
});
My apologies for not being clear on my concern but those are really around stopping anyone from outside (people who create/use bot using personal MSA but not in our corporate Tenant.) using our enterprise level bot. I am confused if I need to do any 2nd level authentication for this BOT. However, I am not looking for an extra information about the user by any auth token. Here is my currant setup
-
I created a bot and registered Cortana, teams channel with my personal MSA.
-
I created a deep link(with same botID) and provided to all users (10k+) in my office so they can use this BOT in MS teams while in the office. They all will be logged with AAD account in MS teams first.
-
This BOT is dealing with some sensitive information about a user in bot logic so no one from outside of corporate tenant should be able to use this BOT even if they happened to get/hack a deep link. Correct me if I'am wrong here.
ex: Lets say my company is A and some other user from company B happened to know my BOT ID I created at step 1. They can still user my BOT in their MS teams (where they are logged in with their AAD account of their own tenant company B )
How can I stop this ? I hope my concerned is clear this time.
from botbuilder-microsoftteams.
channelData has the tenant id of the user that sent the message. You can use that to restrict the users your bot responds to. Placing this logic in bot middleware (https://docs.botframework.com/en-us/node/builder/chat-reference/interfaces/_botbuilder_d_.imiddlewaremap.html) is a good way to do this filtering.
"channelData": {
"tenant": {
"id": "a5bbb9df-06cc-47f4-8f24-981a2024b94c"
}
}
from botbuilder-microsoftteams.
Thanks @aosolis, I am using following Middleware for logging each message from BOT or user. Let me know if this is what you meant or something else.
const logUserConversation = (event) => {
console.log('******** BOT/User Message: ' + event.text) //+ ', ***** user: ' + event.address.user.name);
};
//Middleware for logging
bot.use({
receive: function (event, next) {
logUserConversation(event);
next();
},
send: function (event, next) {
logUserConversation(event);
next();
}
});
from botbuilder-microsoftteams.
Yes, you can add another piece of middleware that will inspect the incoming message and continue processing only if the message came from the tenant you were expecting.
from botbuilder-microsoftteams.
I wrote a StackOverflow post on this a while back that shows how it's done: https://stackoverflow.com/questions/40398565/securing-traffic-from-microsoft-teams-to-a-bot
from botbuilder-microsoftteams.
Thanks @billbliss and @aosolis.
from botbuilder-microsoftteams.
Related Issues (20)
- How to post MessageCard JSON Payload on Teams to user in C# HOT 2
- After Click on Allow it is showing Error.Login Consent is not Working in the Teams Desktop and in Browser. HOT 1
- [Dev Issue]The `theme` parameter in the request of `handleTeamsMessagingExtensionConfigurationQuerySettingUrl` is missing? HOT 1
- TextInput is not passing value to HttpPost action in Teams HOT 2
- Teams search app not loading initial items on IOS HOT 3
- Offical HOT 1
- Hello HOT 1
- Cannot add any options in the value section in ActionTypes of thumbnail card. HOT 3
- Bot rate limits update HOT 3
- Adaptive Card Action.Submit is not working on MS Team on iOS as expected HOT 4
- MS Teams bot welcome message HOT 4
- Section's 'startGroup' not working in Teams HOT 4
- Accessbility issue :- Need Alt attribute in O365ConnectorCardSection class HOT 5
- How to configure Bot Framework C# project to send welcome message over Teams channel HOT 6
- Any News: Adaptive Card Input.Date fields only work correctly in English HOT 4
- :<[email protected]>\http +saE2QGoeQMbKMRS6J3vQ>\ HOT 3
- Invocation of adaptive card or custom form works fine on Teams Desktop App but not in Mobile App(iOS) HOT 7
- This repo is missing important files HOT 2
- Node.js Teams botbuilder package: Message extension - Responding with a card inserted into the compose message area, inserts card in compose area for all chat windows within teams app HOT 7
- Teams Bot Node.js - send a proactive message to a particular person that is not part of conversation but has app installed? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from botbuilder-microsoftteams.