
How can I get all this information from Azure Active Directory? AAD generates an app id only #17

Open
subhans3tech opened this issue May 15, 2017 · 20 comments

Comments

@subhans3tech

const AZUREAD_APP_PASSWORD = envx("AZUREAD_APP_PASSWORD");
const AZUREAD_APP_REALM = envx("AZUREAD_APP_REALM");
const AUTHBOT_CALLBACKHOST = envx("AUTHBOT_CALLBACKHOST");
const AUTHBOT_STRATEGY = envx("AUTHBOT_STRATEGY");

@ritazh
Collaborator

ritazh commented May 15, 2017

If you are using AAD endpoint v2, you can register an application in the new application registration portal under https://apps.dev.microsoft.com. This is where you set/get the values for AZUREAD_APP_PASSWORD, AZUREAD_APP_ID, and redirectUrl.

For AZUREAD_APP_REALM, unless you are using a v2 tenant-specific endpoint, use common.

For AUTHBOT_CALLBACKHOST, this should be the callback host of the redirect url you specify for the new application, for example: redirectUrl: AUTHBOT_CALLBACKHOST + '/api/OAuthCallback'.

For AUTHBOT_STRATEGY, this should be oidStrategyv2 for AAD endpoint v2 and oidStrategyv1 for AAD endpoint v1.

I'm using the passport-azure-ad node module, which has more information about how to use it for different AAD scenarios.

@subhans3tech
Author

I really appreciate your response, but this link https://apps.dev.microsoft.com has no linkage with Azure Active Directory. This is just to register your app with Microsoft; it does not show any options to integrate with Active Directory. Secondly, I am a little confused about the login and logout URL: in a simple app we give our page link, but in the bot case I am a little bit confused.

@sujaydutta

sujaydutta commented Jun 19, 2017

Hi,

Having some initial setup issues. So in apps.dev.microsoft.com, we register the bot application in the "Converged Applications" and that's where we get the MICROSOFT_APP_ID/PASSWORD from. I am clear on that.

If you can please clarify these, that would be awesome!

  1. For the Azure AD related, can we use the same MICROSOFT_APP_ID or need to register an app under "Azure AD Only applications"?

  2. If 1. is the case, then I can get the AZURE_AD_APP_ID and PASSWORD (from the key). Is that correct? What delegated permissions would be needed for AD authentication and also Sharepoint site access?

  3. How can I tell what is the tenant version? Is that something in the Azure portal? You mentioned above to use "common" for v1 tenant, what should we use for v2 tenant?

  4. I don't see where I can get the following, can you please give an example? Say my bot is hosted on "https://mytestbot.azurewebsites.net/api/messages".

AZUREAD_APP_REALM
AUTHBOT_CALLBACKHOST
AUTHBOT_STRATEGY

Thanks!

@ritazh
Collaborator

ritazh commented Jun 21, 2017

@sujaydutta
Assuming you are using v2.

  1. Yes you can use the same APP ID and Password for MICROSOFT_APP_ID/PASSWORD and AZURE_AD_APP_ID/PASSWORD
  2. See 1.
  3. Please refer to https://github.com/AzureAD/passport-azure-ad#5112-options to see what makes sense for your application.
  4. Given your sample and assuming you are using v2:
AZUREAD_APP_REALM = common
//Depending on what you have for 3, it could be "common" or "your_tenant_name.onmicrosoft.com"
AUTHBOT_CALLBACKHOST = https://mytestbot.azurewebsites.net
AUTHBOT_STRATEGY = oidStrategyv2

@sujaydutta

Thanks @ritazh, that helped. One thing I had to do is log in to https://apps.dev.microsoft.com and, for the bot application, add a web platform and the redirect URL of the bot, i.e. https://mytestbot.azurewebsites.net. Otherwise the redirect wasn't working correctly.

BTW, on a related topic, do you have any experience getting the access token for an O365 Sharepoint site? I am getting an error, most likely with the resource parameter used for the access token. If you can guide me to a good link, that will be helpful.

@sujaydutta

I have another issue now, during authentication I get this error.

AADSTS70001: Application '83xxxxxxx' is not supported for this API version.

@kanishk-mehta

@sujaydutta same here.. :(

@ritazh
Collaborator

ritazh commented Aug 4, 2017

What's the error you are seeing? I assume you created the app here: https://apps.dev.microsoft.com ?

@kanishk-mehta

My bot is hosted on https://gdcchatbot-trillan-dev.azurewebsites.net/

Have tried the following permutations of creating the app:
Error Type 1: App created on https://apps.dev.microsoft.com, Redirect URL: https://gdcchatbot-trillan-dev.azurewebsites.net/, AUTHBOT_STRATEGY: oidStrategyv2 or oidStrategyv1
(screenshot of the error)

Error Type 2: App created on https://apps.dev.microsoft.com, Redirect URL: https://gdcchatbot-trillan-dev.azurewebsites.net/api/OAuthCallback, AUTHBOT_STRATEGY: oidStrategyv2 or oidStrategyv1
Here I get a 404 error - No webpage was found for the web address.

Error Type 3: App created on https://portal.azure.com, Reply URL: https://gdcchatbot-trillan-dev.azurewebsites.net/, AUTHBOT_STRATEGY: oidStrategyv1
(screenshot of the error)

Error Type 4: App created on https://portal.azure.com, redirect URL: https://gdcchatbot-trillan-dev.azurewebsites.net/api/OAuthCallback, AUTHBOT_STRATEGY: oidStrategyv2
(screenshot of the error)

@ritazh
Collaborator

ritazh commented Aug 4, 2017

One obvious thing is you should configure your redirect url to match whatever is in the code:

server.get('/api/OAuthCallback/'

https://github.com/CatalystCode/node-authbot/blob/master/app.js#L78

let oidStrategyv2 = {
  redirectUrl: AUTHBOT_CALLBACKHOST + '/api/OAuthCallback',

https://github.com/CatalystCode/node-authbot/blob/master/app.js#L106

Here is what I have for your reference:

AZUREAD_APP_REALM = common
AUTHBOT_CALLBACKHOST = https://authbot.azurewebsites.net
AUTHBOT_STRATEGY = oidStrategyv2

From the https://apps.dev.microsoft.com portal:

"identifierUris": [
        "https://authbot.azurewebsites.net/login"
    ],
...
"replyUrls": [
        "https://authbot.azurewebsites.net/api/OAuthCallback"
    ],

@kanishk-mehta

Thank you @ritazh, that clarified some of my doubts. I've followed all the other points but am stuck on the last point you mentioned. I couldn't find "identifierUris" or "replyUrls" in the https://apps.dev.microsoft.com portal; I could only find 'Redirect URLs' and 'LogoutURL' (when I add a web platform).
(screenshot of the portal)

I'm sure I'm missing something or doing something wrong. Could you please guide me as to where I can/should add/edit the "identifierUris" and "replyUrls" on the https://apps.dev.microsoft.com portal?

@ritazh
Collaborator

ritazh commented Aug 4, 2017

Redirect URLs in this form will resolve to replyUrls in the manifest.

@kanishk-mehta

Oh. Understood. Tried that but it resulted in the 'Error Type 2' that I mentioned earlier (404 - no web page was found).
After the Sign-in screen and after authenticating the bot, I was redirected to this URL (which gave me the 404 error):
https://gdcchatbot-trillan-dev.azurewebsites.net/api/OAuthCallback?code=OAQABAAIAAAA9kTklhVy7SJTGAzR-p1BcRaS5WQYxLie7VdGRqiwiJ_UhUa_i3BoqeBLmvAeTGhosuOZKDRfT7ZLgyhmJGLvk2xH1eMlsChV512JK7fYDabJZ1TXImPrOAZeZGD7wbRJcS5h920FsZXsi1_3FkR88SM5eViR2x7gxBdvTyh6fd2Y33G-3FLFaoMPoWZZyT6xbDDE26M2jXiuqKPRgll4R6UYFzDrJpvwcfoFciKH1NDEUE7xyVAr0zB1124faw4zw3pPEwB_elOx9tMK8MnURaStrNB2CIEtIen8kEfF86wjQP2dgq-XeTj5fsFpYKMh5iFwGKMRnPDX3OHZzvP3nl6rJuG4AAWRQIuVw5olPMwzAFIRQkEh7T0vFHONv2mp53q2v5PXsmZIdbD-tGUEjluwvwhxfSvfr799rnXN6KAA1JlxqqMD1-vI9hzMZ5QTDYxq8COllMxhaXFMzg6ML6EHqyq2Fr3nrEwn6QdVberIQ2EoE8gr355lvPPiWd757qTm7hjlLRVh0MNZ2JADSJVoieyaHa9f59ApiJT4abO4ng785NRFHUfrwd4BsXbR4e8eAGMx9pcWyeRUJXlIPiHWeV9MNpL-4wef6nHs9yaYEPahf1SnaOzM5DBP3jaqtnKk7lruvWGCwGSM3GFtDjmR01ZQSF00Gp80msa1QYaiSOT0JEtYLdoHWH18Iq25T3prqe8Fiitu0ku_wXv2b-_X_ttRWyv7qXgBYUwGB3dD0z6koS_6joS0IRtyONeSzdZRYSmaOWD_dXVOemnsOBrp5vsJ00Otiy4gTMC_iK49uQIB53e6FnwUVeB2CwLiS9nygasmXQ02JY5V9MjDbIAA&state=CUSTOMdFZFfht9t6y4lbVu0_u5LIVFaU3R6ceC%7b%22id%22%3a%22f375b8b6f8c74ecd806051a55594e3fb%7c0000001%22%2c%22channelId%22%3a%22webchat%22%2c%22user%22%3a%7b%22id%22%3a%228WPGoWSAmfr%22%2c%22name%22%3a%22You%22%7d%2c%22conversation%22%3a%7b%22id%22%3a%22f375b8b6f8c74ecd806051a55594e3fb%22%7d%2c%22bot%22%3a%7b%22id%22%3a%22Trillian_Dev%40TwWICOtqpRE%22%2c%22name%22%3a%22Trillian_dev%22%7d%2c%22serviceUrl%22%3a%22https%3a%2f%2fwebchat.botframework.com%2f%22%2c%22useAuth%22%3atrue%7d&session_state=4ee838b0-d649-4656-a743-a68f795e82e0

@kanishk-mehta

Hi @ritazh, I resolved the issue. Sorry I couldn't revert earlier, but I've managed to sort the issue out now. Somehow I missed this part in the bot setup instructions:

  • [Optional] If the bot is hosted on Azure App Service, make sure to increase the maxQueryString limit by updating the web.config file in $HOME/site/wwwroot like this:
<security>
  <requestFiltering>
    <requestLimits maxQueryString="10000"/>
    ...
  </requestFiltering>
</security>

Did that. Double checked the web.config file and everything is working now. Thanks for the help!


Also, for users who are deploying the bot on a website, if they want the user to receive the authentication code in HTML format (since some browsers, like IE, don't support JSON) to improve the user experience:

Replace res.send('Welcome ' + req.user.displayName + '! Please copy this number and paste it back to your chat so your authentication can complete: ' + magicCode); (line num 91 in app.js) with

// Escape anything interpolated into the page: the display name comes from the
// identity provider and must not be able to inject markup into the response.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, function (c) {
    return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c];
  });
}

var body = '<html><body>Welcome ' + escapeHtml(req.user.displayName) +
  '! Please copy this number and paste it back to your chat so your authentication can complete: ' +
  escapeHtml(magicCode) + '</body></html>';

res.writeHead(200, {
  'Content-Length': Buffer.byteLength(body),
  'Content-Type': 'text/html'
});

res.write(body);

res.end();

Thought it might help. Will add a pull request as well. Thanks again.

@EnnamGopaulen

Hello @ritazh,

I'm having some issues making this work.

Some help would be appreciated.

Steps that I have followed:

  1. I have cloned node-authbot and installed the dependencies.

  2. I have registered the bot on https://apps.dev.microsoft.com, where the MICROSOFT_APP_ID and MICROSOFT_APP_PASSWORD have been generated, and a web platform has been added with the redirect URL of the bot (as mentioned in the thread): https://the-bot.azurewebsites.net/api/OAuthCallback

  3. I have created a new web app on Microsoft Azure, linked the application (GitHub) to it, and inserted the MICROSOFT_APP_ID and MICROSOFT_APP_PASSWORD under the application settings.

  4. Based on previous threads, I have populated the environment variables as displayed below:

MICROSOFT_APP_ID = MICROSOFT_APP_ID
MICROSOFT_APP_PASSWORD= MICROSOFT_APP_PASSWORD
AZUREAD_APP_ID = MICROSOFT_APP_ID
AZUREAD_APP_PASSWORD = MICROSOFT_APP_PASSWORD
AZUREAD_APP_REALM = common
AUTHBOT_CALLBACKHOST = http://the-bot.azurewebsites.net/
AUTHBOT_STRATEGY = oidStrategyv2

(screenshot of the application settings)

Error: There was an error sending this message to your bot: HTTP status code MethodNotAllowed

Maybe I have missed something. Can you please guide me?

@kanishk-mehta Hello Kanishk, can you please help me? I saw you have a bot up and running with the authentication.

Thanks

@EnnamGopaulen

Hi @ritazh,

Any update on this please?

Thanks

@kanishk-mehta

@EnnamGopaulen sorry about the delayed response. I can see that you have published your code to an Azure App Service. Have you checked your web.config file? Details are mentioned in the last part of the readme file of the repository (just before the acknowledgements); I have copied it below:

  • [Optional] If the bot is hosted on Azure App Service, make sure to increase the maxQueryString limit by updating the web.config file in $HOME/site/wwwroot like this:
<security>
  <requestFiltering>
    <requestLimits maxQueryString="10000"/>
    ...
  </requestFiltering>
</security>

@EnnamGopaulen

@kanishk-mehta thanks for your reply. Can you please guide me on where to find the web.config?

Thanks

@kanishk-mehta

@EnnamGopaulen sure thing. Here's the link - https://github.com/CatalystCode/node-authbot/blob/master/web.config. Let me know if it works out. Thanks.

@EnnamGopaulen

@kanishk-mehta, thanks a lot for your prompt answer.

I missed that part. I have added it to my project, but it's still the same :(

Error: There was an error sending this message to your bot: HTTP status code MethodNotAllowed

Thanks
