I've created a Teams app using the Teams App Visual Studio template, and configured it with a single personal tab. I've set set up ngrok so that this can be debugged locally. I've sideloaded the app, and all looks fine - Teams can load the tab, and it displays as it should.
I'm now trying to send an activity notification to this tab. Graph accepts the post activity just fine - I'm returned a 204 - but the activity is never delivered to my Teams client.
My test teams user and the Azure AD app are configured in the same tenant. The Azure AD app has the TeamsActivity.Send permission.
All URLs in my manifest are configured with the ngrok endpoint. I have a valid activityType defined, and my webApplicationInfo section is configured with the AAD App ID and redirect URI as outlined here. I've also added TeamsActivity.Send to the applicationPermissions section of webApplicationInfo
I'm posting the following json to Graph:
{
'topic': {
'source': 'entityUrl',
'value': 'https://graph.microsoft.com/beta/users/<my user id>/teamwork/installedApps/<my app id>'
},
'activityType': 'testActivity',
'previewText': {
'content': 'Something happened'
},
'templateParameters': [
{
'name': 'teammember',
'value': 'Bobby muffin'
}
]
}
This all ties up correctly with the manifest, and as I mentioned, Graph accepts the POST just fine. I've also tried adding the "recipient" section to the json, but get the same result.
I have no idea why I'm not seeing notifications. After I post the notification, I don't see any traffic to ngrok (although I'm not sure whether the notification would come in that way, or via the Teams client).
It feels like I'm missing some config somewhere.
My bad... while I was testing this, I was trying to send a notification to myself, which is explicitly not supported - https://learn.microsoft.com/en-us/graph/teams-send-activityfeednotifications#faqs
Related
I have an app which is server side. my task is to read and display data from on currently opened tickets in my server side app.
is it possible? or what can be best solution for doing this?
Thanks
I assume you have set your app's entry point url in the manifest files as follows:
...
"location": {
"support": {
ticket_sidebar": {
"url": "https://my.app/index.html"
}
}
},
...
You need to import ZAF SDK into your app which will enable you to use the client to access ticket data. Refer to apps API here.
Note that you will get an error on your server side app url because the ZAF client will only be defined within Zendesk. This is expected. So make sure you only test it on you Zendesk instance.
Refer to official tutorial here
I'm trying to develop a bot to be used exclusively for proactive messaging (since unfortunately, it appears Connectors do not support direct messaging). I stood up a web service, and was able to receive the payload from Teams when I sent a message to the bot.
I'm now trying to send a proactive message from the bot back to my user, as described here. Per the instructions, I am POSTing the following payload to <serviceUrl>/v3/conversations. (Values in brackets are interpolated from the payload I received from Teams)
{
"bot": {
"id": <recipient.id>,
"name": <recipient.name>
},
"isGroup": false,
"members": [
{
"id": <from.id>,
"name": <from.name>
}
],
"tenantId": <channelData.tenant.id>,
"topicName": "News Alert"
}
I also included a Bearer token that I got by calling https://login.microsoftonline.com/<channelData.tenant.id>/oauth2/v2.0/token. Yet, whenever I try to create the conversation, it fails with an error that "Authorization has been denied for this request." As far as I can tell, the token should be valid, so I'm not sure what else could be going on here. I saw something about trusting the service URL, but I'm not sure how I would do that since I'm not using the Bot SDK. Perhaps I'm going about this wrong and should be trying to create an Activity rather than a Conversation?
There are basically two steps in sending pro-active messages. The first step is just a once-off - it's getting the unique ID of the conversation between the bot and the user. It's the paragraph you're linking to in your original question, and it's the payload sample you're showing. Once you've got that conversation id, you'd then proceed to sending messages at any time in the future (that's this paragraph).
However, in Teams, the first part is handled differently. Rather than calling the bot framework conversation endpoint (recall that bot framework is used for other things aside from Teams bots), you wait for the user to install the app, which includes your bot. When this is done, your bot will receive a conversationUpdate event. When this fires, you'll be sent a payload which includes the conversationId of the newly-created conversation. This replaces the call you're currently making.
You need to save the conversationId, and the serviceUrl (which will be similar too 'https://smba.trafficmanager.net/apis', but unique for Teams, and will be the 'base' of the URL you'll call later).
Importantly, it is possible to "pre-install" an app for a user, using the Graph API. See Install app for user.
That should help with what you're missing. However, as an 'fyi', you can use libraries for this instead of making the call directly yourself. In dotnet, for instance, you can reference Microsoft.Bot.Connector.ConnectorClient (in Microsoft.Bot.Connector), which has a Conversations.SendToConversationAsync(..) method.
I think I've figured out the problem. I sent my token request to https://login.microsoftonline.com/<channelData.tenant.id>/oauth2/v2.0/token, which was successful and gave me a token back. However, the instructions outlined here say not to use <channelData.tenant.id>, but instead just the hardcoded string botframework.com. After requesting the token that way, my requests appear to be working.
I'm building my first Slack bot and I've got the basics mostly working... sending API requests, receiving commands and events, etc. But the part I'm left a bit confused about is what I'm supposed to do with the "Bot User OAuth Access Token".
The token appears to be shared across teams/workspaces, but it is returned to be during authentication of individual users with a call to /oauth.v2.access. Currently I'm storing the returned credentials payload in a table that has three columns:
My app's internal user ID
The Slack user ID embedded in the payload as authed_user.id
The entire JSON payload itself (jsonb in postgres if you're curious)
This allows me to initiate new API calls for actions that take place in my app (find by internal user ID) and also for interactions within Slack (find by Slack user ID).
What has left me a bit puzzled is what the convention is for when a user interacts with my bot that hasn't added my app. This can happen when a person ("Jose") adds my app and then their colleague ("Mary") discovers it in Slack and views the home screen, sends it a message, etc.
In order to take some action, such as prompt for the user to install my app, I need a token. Of course I have a token for Jose but not for Mary. I also have Jose's team ID stored in my table and Mary's team ID as part of the incoming event. So technically I could do something like this to get a working token to interact with Mary:
select credential_json from slack_credentials
where credential_json->>'type' = 'bot' and credential_json->'team'->>'id' = :marysTeamId
... which would pull out the bot token I captured when Jose added the app. This works, but it feels very wrong. I suppose if I just stored bot tokens in a separate table that looked like this:
The Slack team ID embedded in the payload as team.id
A subset of the JSON payload (ex: access_token, scope, bot_user_id, etc but not authed_user)
Then it wouldn't feel so yucky. But the docs + API ergonomics don't suggest this is a common approach either. So I'm curious what others do. If I don't hear anything back, I suppose my plan is to break out the bot tokens into a team-centric table.
Thanks!
The basic concept of Slack apps is that they are installed per workspace, not per user.
So while it's true that the app's token is derived from the user who installed your app to a new workspace, most the apps function are available to all users of the workspace.
e.g. slash commands will work for every user in every channel
e.g. posts of your app will be visible to all users of the related channel.
Therefore the best approach for storing tokens usually is with a primary key of Slack Team ID, Slack User ID.
And just to clarify. You do not need a token to prompt a user to install you app. Every app can be installed from webpage hosted by you (with the "Add to Slack button") or directly from the App Directory.
I am attempting to open a DM (Direct Message) with an arbitrary user using the im.open Slack API call. I am sending it a user's user_id that I obtain through their clicking of a consent button in order to begin a series of questions. I am sending data to the Slack API successfully along with receiving data. I am getting the following response...
{
"ok": false,
"error": "missing_scope",
"needed": "im:write",
"provided": "identify,incoming-webhook,chat:write:user,files:write:user",
}
I have went into the application's page and changed the scope of the app (I am not the owner, but have been given collaborator permissions by my team lead (the owner)). These are the current permissions...
I apologize for the poor quality of the image. The scopes are as follows...
identify
incoming-webhook
chat:write:user
files:write:user
im:write
After this change, I am still getting the same response from the Slack API. The following is what I am sending them (it's my user_id, and I don't mind).
{
"user": "U94155Z43"
}
Any help is appreciated. Thanks.
I needed to use the bot token "xoxb" instead of the user token "xoxp" which I had used for all other slack api calls.
I'm trying to leverage the beta api for assigning azure users to applications.
I looked at the documentation and tried a variety of attempts in a C# console app using HttpClient and WebClient and couldn't succeed. I then went to the Microsoft graph explorer https://developer.microsoft.com/en-us/graph/graph-explorer . I couldn't get it to work.
I looked at the documentation
https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/approleassignment_get
The document's actual documentation of the HTTP request which doesn't match the Example. The Graph Explorer seems to hint that the example is correct, but through various attempts, I can only get a response of
{
"error": {
"code": "Request_UnsupportedQuery",
"message": "Direct queries to this resource type are not supported.",
...
}
}
My essential url is
https://graph.microsoft.com/beta/appRoleAssignments/
The example says {id} but I have no idea what to put in. I put in several guids, user ids, object ids, resource ids, and none worked.
It isn't saying any access denied messages so I assume it has nothing to do with Scopes (all though the documentation is a little empty regarding that as well).
Ideally, I'd be able to see if for a given Guest Azure User has access to a particular App, then I'd be able to go and Update the assignment. I'll probably also need to delete the assignment as well.
[Edit (2021-07-06): Use Microsoft Graph v1.0 for all of this.]
It looks like the Microsoft Graph API's beta endpoint doesn't currently allow you to list AppRoleAssignments.
[Edit (2018-10-11): The Microsoft Graph beta endpoint now supports the ability to list AppRoleAssignments, though you should still use Azure AD Graph for any production application, until it gets to v1.0.] Fortunately, the Azure AD Graph API does work for this (plus, it's not a beta endpoint, so it's more likely to be stable).
To list all app roles a user is assigned with Microsoft Graph:
https://graph.microsoft.com/v1.0/users/{id}/appRoleAssignments
To list all app roles a group is assigned:
https://graph.microsoft.com/v1.0/groups/{id}/appRoleAssignments
To do the reverse, and list all users or groups assigned to an app:
https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignedTo
Azure AD Graph is deprecated and all support for it will cease in June 2022. The equivalent requests were (in the same order as above):
https://graph.windows.net/{tenant-id}/users/{id}/appRoleAssignments?api-version=1.6
https://graph.windows.net/{tenant-id}/groups/{id}/appRoleAssignments?api-version=1.6
https://graph.windows.net/{tenant-id}/servicePrincipals/{id}/appRoleAssignedTo?api-version=1.6
In the new Azure portal, under "Enterprise applications" > (your app) > "Users and groups", you'll see the list of users who are assigned to the application, as well as the app role they are assigned to. After testing , you could do the equivalent thing using Microsoft Graph API request :
https://graph.microsoft.com/beta/servicePrincipals/d0790296-0a14-4ab1-8f6c-4e4d3eb03036/appRoleAssignments
Your could get the service principal under "Enterprise applications" > (your app) >Properties>Object ID .Here is sample of the response :
id is the role id , In your scenario ,you could check whether record exists when the principalId matches the object id of the specific user , and principalType is user .