Azure Bot channel error "There was an error sending this message to your bot: HTTP status code Unauthorized"


I'm getting an Unauthorized error when I try to send a message from the Azure Bot channel to the API. I have deployed the Azure app and the Bot channel with Pulumi. In the Azure application I have noticed that there is a warning in the Authentication section about Implicit Grant.

[Screenshot: Implicit Grant warning in the Authentication section of the app registration]

If I disable the Implicit Grant setting from the Azure portal then the Bot channel works fine. I'm creating the Azure application with default settings as per the Pulumi documentation, but there is no option to remove this Implicit Grant setting.

I have created the Azure application and the Bot channel with Pulumi using this link:

// Assumed using directives (not shown in the original post):
using Pulumi;
using Pulumi.Azure.Bot;          // ChannelsRegistration, ChannelsRegistrationArgs
using Pulumi.Azure.Core;         // ResourceGroup
using AzureAD = Pulumi.AzureAD;  // Application, ServicePrincipal

public static AzureAD.Application Create()
{
    var name = "app-name";
    // App registration created with the provider's default settings
    var azureApp = new AzureAD.Application(name, new AzureAD.ApplicationArgs
    {
        Name = name
        // Tried combinations of the following lines, but it makes no difference
        //, Type = "native"
        //, Oauth2AllowImplicitFlow = false
    });

    CreatePrincipal(azureApp);

    return azureApp;
}

private static void CreatePrincipal(AzureAD.Application azureApp)
{
    var name = "app-principal";
    // Service principal for the app registration above
    new AzureAD.ServicePrincipal(name, new AzureAD.ServicePrincipalArgs
    {
        ApplicationId = azureApp.ApplicationId
    });
}

public static ChannelsRegistration Create(ResourceGroup resourceGroup, AzureAD.Application teamsBotAzureApp)
{
    var channelName = "Channel";
    // Bot channel registration; MicrosoftAppId is the application (client) id of the app above
    var channel = new ChannelsRegistration(channelName, new ChannelsRegistrationArgs
    {
        Location = "global",
        ResourceGroupName = resourceGroup.Name,
        Sku = "F0",
        MicrosoftAppId = teamsBotAzureApp.ApplicationId,
        Endpoint = "https://azurefunction.com/api/BotMessagesHandler"
    });

    // CreateChannel is defined elsewhere in the poster's project (not shown)
    CreateChannel(resourceGroup, channel);

    return channel;
}

1 answer

Joy Wang (best answer):

In Azure AD, the Implicit Grant setting is controlled by parameters in the manifest (you can also set them in the UI, and they will then be changed in the manifest): Access tokens corresponds to oauth2AllowImplicitFlow, and ID tokens corresponds to oauth2AllowIdTokenImplicitFlow.

If you create the app with Pulumi, you can set Oauth2AllowImplicitFlow = false to disable the Access tokens, but it looks like there is no oauth2AllowIdTokenImplicitFlow in the Pulumi inputs, so you cannot disable the ID tokens via Pulumi.

You could try the workarounds below.

1. From the warning, it says you should remove these settings or register the appropriate redirect URI. So you could try to create the app with a redirect URI (i.e. ReplyUrls) with code like the below, and see if it works without disabling the ID tokens.

ReplyUrls =
{
    "https://replyurl",
}

2. If it is accepted, you could use the Microsoft Graph SDK to update the application after creating it. Set enableIdTokenIssuance to false in implicitGrantSettings of the web property, and then the ID tokens will be disabled.
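The following is an added example of the second workaround, not code from the question or the answer. It uses the Microsoft Graph .NET SDK (assumed: the Microsoft.Graph 4.x and Azure.Identity packages, a client-credentials service principal that is allowed to update the app registration) to patch the app's web.implicitGrantSettings and then read the two flags back so a deployment step can verify them. The environment-variable names and the class name ImplicitGrantHardening are assumptions for the example. Note that the Graph URL takes the app registration's object id (Pulumi's azureApp.ObjectId), which is not the same value as the application (client) id that the bot channel uses as MicrosoftAppId.

```csharp
// Added example: disable implicit-grant token issuance on an Azure AD app
// registration through Microsoft Graph, then read the settings back.
// Assumes Microsoft.Graph 4.x and Azure.Identity; all ids/secrets are placeholders.
using System;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Graph;

public static class ImplicitGrantHardening
{
    public static async Task Main()
    {
        // Placeholders: credentials of the principal running this update
        // (it needs Application.ReadWrite.All or ownership of the target app).
        var tenantId     = Environment.GetEnvironmentVariable("TENANT_ID");
        var clientId     = Environment.GetEnvironmentVariable("CLIENT_ID");
        var clientSecret = Environment.GetEnvironmentVariable("CLIENT_SECRET");
        // Object id of the app registration, NOT its application (client) id.
        // In Pulumi this is azureApp.ObjectId; the bot uses azureApp.ApplicationId.
        var appObjectId  = Environment.GetEnvironmentVariable("APP_OBJECT_ID");

        var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
        var graph = new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });

        Console.WriteLine("Before: " + await DescribeAsync(graph, appObjectId));
        await DisableImplicitGrantAsync(graph, appObjectId);
        Console.WriteLine("After:  " + await DescribeAsync(graph, appObjectId));
    }

    // PATCH /applications/{objectId} with only the web.implicitGrantSettings
    // sub-object; every other property of the application is left untouched.
    public static Task DisableImplicitGrantAsync(GraphServiceClient graph, string appObjectId)
    {
        var patch = new Application
        {
            Web = new WebApplication
            {
                ImplicitGrantSettings = new ImplicitGrantSettings
                {
                    EnableIdTokenIssuance = false,     // the "ID tokens" checkbox in the portal
                    EnableAccessTokenIssuance = false  // the "Access tokens" checkbox in the portal
                }
            }
        };
        return graph.Applications[appObjectId].Request().UpdateAsync(patch);
    }

    // Read back the two implicit-grant flags so the result can be verified
    // rather than assumed.
    public static async Task<string> DescribeAsync(GraphServiceClient graph, string appObjectId)
    {
        var app = await graph.Applications[appObjectId]
            .Request()
            .Select("id,appId,web")
            .GetAsync();
        var settings = app.Web?.ImplicitGrantSettings;
        return $"appId={app.AppId} idTokens={settings?.EnableIdTokenIssuance} " +
               $"accessTokens={settings?.EnableAccessTokenIssuance}";
    }
}
```

Run it after pulumi up has created the app registration. Because the Pulumi provider described in the answer has no input for the ID-token flag, there is nothing for a later pulumi up to reconcile back, but the read-back in DescribeAsync is still worth keeping in the pipeline so a drift in either flag is noticed.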