Bot Framework v4 skills SSO sample.
This bot has been created using Bot Framework, it shows how to connect a root bot with a skill bot and exchange OAuth credentials.
-
Node.js version 10.14 or higher.
# Determine node version. node --version
The solution includes a parent bot (rootBot
) and a skill bot (skillBot
) and shows how the skill bot can accept OAuth credentials from the root bot, without needing to send it's own OAuthPrompt.
This is the general authentication flow:
- Root bot prompts user to authenticate with an OAuth prompt card.
- Authentication succeeds and the user is granted a token.
- User performs an action on the skill bot that requires authentication.
- The skill bot sends an OAuth prompt card to the root bot.
- The root bot intercepts the OAuth prompt card, aware that the user is already authenticated and that the user should authenticate with the skill via SSO.
- Instead of showing the OAuth prompt card to the user, the root bot sends a token exchange request invoke activity along with the token to the skill.
- The skill's OAuth prompt receives the token exchange request and uses the token from the root bot to continue authenticating.
-
Clone the repository
git clone https://github.com/microsoft/botbuilder-samples.git
-
Create a bot registration in the azure portal for the SkillBot and update the .env file with the
MicrosoftAppId
andMicrosoftAppPassword
of the new bot registration. -
Update the
SkillAppId
field in the RootBot .env with the app ID for the skill you created in the previous step. -
Create a bot registration in the azure portal for the RootBot and update .env with the
MicrosoftAppId
andMicrosoftAppPassword
of the new bot registration. -
Add the RootBot
MicrosoftAppId
to theAllowedCallers
list in the SkillBot .env. -
Create and configure an OAuth connection for RootBot:
- Create an Azure Active Directory V2 application for the root bot following the steps described in Create the Azure AD identity for RootBot
- Open the RootBot registration in the Azure portal, navigate to the Configuration tab and add a new OAuth Connection Settings using the settings of the app you created in the previous step as described in Create an OAuth connection for a root bot
- Update the RootBot .env
ConnectionName
property with the name of the connection you created in the previous step.
-
Create and configure an OAuth connection for SkillBot:
- Create an Azure Active Directory V2 application for the skill following the steps described in Create the Azure AD identity for SkillBot
- Open the SkillBot registration in the Azure portal, navigate to the Configuration tab and add a new OAuth Connection Settings using the settings of the app you created in the previous step as described in Create an OAuth connection for a skill
- Update the SkillBot .env
ConnectionName
property with the name of the connection you created in the previous step.
-
For each bot directory,
skillBot
androotBot
as<botDirectory>
: -
In a terminal, navigate to
samples/javascript_nodejs/82.skills-sso-cloudadapter/<botDirectory>
cd samples/javascript_nodejs/82.skills-sso-cloudadapter/<botDirectory>
-
Install modules
npm install
-
Start the bot
npm start
Note: leave the MicrosoftAppType
and MicrosoftAppTenantId
empty to try this example, see the Implement a skill article for additional information on what authentication types are supported for skills.
The Bot Framework Emulator is a desktop application that allows bot developers to test and debug their bots on localhost or running remotely through a tunnel.
- Install the Bot Framework Emulator version 4.14.0 or greater from here
- Launch Bot Framework Emulator
- File -> Open Bot.
- Enter a Bot URL of
http://localhost:3978/api/messages
, theMicrosoftAppId
andMicrosoftAppPassword
for theRootBot
. - Click
Connect
. - Follow the prompts to initiate the token exchange between the
SkillBot
andRootBot
, resulting in a valid token displayed.
To learn more about deploying a bot to Azure, see Deploy your bot to Azure for a complete list of deployment instructions.