Skip to content

Node.JS Bot App supports Certificate Auth on Bot App side, and SSO OAuth for users

License

Notifications You must be signed in to change notification settings

freistli/CertAuthJSBot

Repository files navigation

Bot Authentication

Bot Framework v4 bot authentication sample, multiple turns prompts working in WebBot channel, Teams Channel, Bot Emulator.

Cert Bot Auth logics are in https://github.com/freistli/CertAuthJSBot/blob/main/MyServiceClientCredentialsFactory.js,

image

To verify claims from clients check https://github.com/freistli/CertAuthJSBot/blob/main/MyBotFrameworkAuthentication.js

image

The bot app use Certificate to do Bot App Auth. The test certificate can be self-signed. To create self-signed certificate:

$cert=New-SelfSignedCertificate -Subject "CN=flbutauth" -CertStoreLocation "Cert:\CurrentUser\My"  -KeyExportPolicy Exportable -KeySpec Signature
Export-Certificate -Cert $cert -FilePath "C:\temp\selfsign.cer"  
$mypwd = ConvertTo-SecureString -String "<your password>" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "C:\temp\selfsign.pfx" -Password $mypwd

And then follow this article to get private key file to use in https://github.com/freistli/CertAuthJSBot/blob/main/MyServiceClientCredentialsFactory.js

Don'f forget to upload the self signed certificate to the AAD registered app.

This bot has been created using Bot Framework, it shows how to use authentication in your bot using OAuth too. To set it up, check https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/javascript_nodejs/46.teams-auth

image

The sample uses the bot authentication capabilities in Azure Bot Service, providing features to make it easier to develop a bot that authenticates users to various identity providers such as Azure AD (Azure Active Directory), GitHub, Uber, etc.

Prerequisites

  • Node.js version 10.14 or higher

    # determine node version
    node --version

To try this sample

After Authentication has been configured via Azure Bot Service, you can test the bot.

Testing the bot using Bot Framework Emulator

Bot Framework Emulator is a desktop application that allows bot developers to test and debug their bots on localhost or running remotely through a tunnel.

  • Install the latest Bot Framework Emulator from here

Connect to the bot using Bot Framework Emulator

  • Launch Bot Framework Emulator
  • File -> Open Bot
  • Enter a Bot URL of http://localhost:3978/api/messages

Interacting with the bot

This sample uses bot authentication capabilities in Azure Bot Service, providing features to make it easier to develop a bot that authenticates users to various identity providers such as Azure AD (Azure Active Directory), GitHub, Uber, etc. These updates also take steps towards an improved user experience by eliminating the magic code verification for some clients.

Deploy the bot to Azure

To learn more about deploying a bot to Azure, see Deploy your bot to Azure for a complete list of deployment instructions.

Further reading

About

Node.JS Bot App supports Certificate Auth on Bot App side, and SSO OAuth for users

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published