[Dev-Docs AI Improvement]: Add code to enable SSO in your bot app #13657
Conversation
Acrolinx ScorecardsWe currently enforce a minimum score of 80. Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology:
More info about Acrolinx Use the Acrolinx extension, or sidebar, in Visual Studio Code to check spelling, grammar, style, tone, clarity, and key terminology when you're creating or updating content. For more information, see Use the Visual Studio Code extension to run Acrolinx locally. |
PoliCheck Scan ReportThe following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans. ✅ No issues foundMore information about PoliCheckInformation: PoliCheck | Severity Guidance | Term |
|
Learn Build status updates of commit 0780e1a: ✅ Validation status: passed
For more details, please refer to the build report. |
| # Add code to enable SSO in your bot app | ||
|
|
||
| Before you add code to enable single sign-on (SSO), ensure to configure your app and bot resource in Microsoft Entra admin center. | ||
| Before adding code to enable single sign-on (SSO), ensure you configure your app and bot resource in Microsoft Entra admin center. |
There was a problem hiding this comment.
As per Microsoft style guide, this is not correct. Change this to - Before you add code to enable single sign-on (SSO), configure your app and bot resource in Microsoft Entra admin
| > [Configure bot app in Microsoft Entra ID](bot-sso-register-aad.md) | ||
| You need to configure your app's code to obtain an access token from Microsoft Entra ID. The access token is issued on behalf of the bot app. | ||
| Configure your app's code to obtain an access token from Microsoft Entra ID. The access token issues on behalf of the bot app. |
There was a problem hiding this comment.
Configure your app's code to obtain an access token from Microsoft Entra ID. The access token is issued on behalf of the bot app. - change it to this
| - The token's `scp` parameter is set to `access_as_user`. | ||
| - Valid SSO tokens issue from Microsoft Entra ID. The `iss` claim in the token must begin with this value. | ||
| - The token's `aud1` parameter sets to the app ID generated during Microsoft Entra app registration. | ||
| - The token's `scp` parameter sets to `access_as_user`. |
There was a problem hiding this comment.
Please retain the original version. This edited version is incorrect.
| - Checking that the token is targeted to the web API. | ||
| - Verifying that the token issued by the intended authority. | ||
| - Confirming that the token targets the web API. | ||
|
|
There was a problem hiding this comment.
retain the original content
| :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/permissions-requested-small.png" alt-text="The image shows the permissions requested pop-up on mobile" lightbox="../../../assets/images/authentication/teams-sso-bots/permissions-requested-mobile.png" border="false"::: | ||
|
|
||
| The user must select **Accept** to give consent. | ||
| The user must select **Accept** to provide consent. |
|
|
||
| :::image type="content" source="../../../assets/images/authentication/teams-sso-bots/permissions-requested-desktop-small.png" alt-text="The image shows permissions requested pop-up on desktop" lightbox="../../../assets/images/authentication/teams-sso-bots/permissions-requested-desktop.png" border="false"::: | ||
|
|
||
| The user must select **Accept** to give consent. |
| #### Microsoft Entra ID consent is required | ||
|
|
||
| When a bot is added to a group chat for the first time and consent is required for a particular user, a consent dialog box appears only to the user who @mentions the bot. The user must give one-time consent to the permissions requested by the bot app to get the access token. | ||
| When a bot adds to a group chat for the first time and consent is required for a particular user, a consent dialog appears only for the user who @mentions the bot. That user must consent one time to the permissions requested by your bot app to obtain the access token. |
There was a problem hiding this comment.
Only change dialog box to dialog rest to retain from the original content
| // Listen for incoming requests. | ||
| expressApp.post('/api/messages', async (req, res) => { | ||
| // Route received a request to adapter for processing. | ||
| // Route received request to adapter for processing. |
| # [JavaScript](#tab/js2) | ||
|
|
||
| After you add the code snippet for `TeamsSSOTokenExchangeMiddleware`, the following code must appear: | ||
| After adding the code snippet for `TeamsSSOTokenExchangeMiddleware`, include the following code: |
There was a problem hiding this comment.
retain you add, rest is fine
This PR updates the content of the file: msteams-platform/bots/how-to/authentication/bot-sso-code.md.
Submitted by: @yashy797