3

I have a bot running on a hosting page where users are logged in using SSO. I want to authenticate the user in the bot automatically when the bot starts and I do not want to use anAuthCard to do it. Just want to automatically authenticate the user without prompting anything to him, just using SSO.

I found an article that refers three ways to authenticate an user in the bot:

  1. Sharing the client's user token directly with the bot via ChannelData

  2. Using an OAuthCard to drive a sign-in experience to any OAuth provider

A third option, called Single Sign-On (SSO), that is in development.

And, according to the article my situation is:

WebChat in an authenticated website where the user is already signed in and the website has a token to the same identity provider but to a different app that the bot needs -> in the future, this is single sign-on, but for now you 'll need to use an OAuthCard.

Is there any update about this functionality? How can I authenticate the user into the bot without using an OAuthCard or a SigninCard?

Thanks in advance

Hugo Pedrosa
  • 347
  • 2
  • 12

2 Answers2

0

Not sure if you have tried the option of using WebChat with Azure Bot Service’s Authentication which provides built-in authentication capability to authenticate chat users with various identity providers such AAD, GitHub, Facebook, etc.

If you are looking for this built-in feature, then probably you need to build your own custom built solution using Google sign-in by passing the token ID of the authenticated users. Or for an Account linking OAuth2 solution as explained in this link: How to implement Login in Dialogflow chatbot.

Abhishek
  • 5
  • 6
0

Microsoft guys Are looking at the issue now. you can track the progress here. I implemented a solution that worked for me. I have the bot running in a .net core web app Here's what I did:

  1. Generate an userId before initializing the BotApp
  2. When the user clicks on the button to open the webchat, I'm opening an authenticated controller in a popup that receives the generated userId. The page is authenticated, so you will need to authenticate. I store the userId in my DB, along with access_token and some user information. The controller should be created in the same webapp where the bot is running.
  3. After storing all the information I close the tab and start the BotApp with the generated userId
  4. In bot code you will be able to query your DB (using userId).

To wait until the popup close, you can have a look into this here.

I hope that this helps someone.

Best regards

Hugo Pedrosa
  • 347
  • 2
  • 12