Add OAuthFlow with back compat to context.SignIn flows #437
Open
- Register signin/failure route and handler in OAuthFlow
- Add SignInFailureValue for structured failure details
- Update SignInFailureHandler to accept failure info
- Log detailed warnings for client-side SSO failures
- Fire OnSignInFailure on all flows for signin/failure invokes
- Return HTTP 200 for signin/failure, 412 for expected token errors
- Add TokenExchangeInvokeResponse for diagnostics on 412
- Remove automatic user/bot token fetch; now explicit
- Clarify and implement token exchange deduplication
- Update docs, edge cases, and summary tables accordingly

Refactored OAuth and token client classes for better thread safety and nullability.
- BotSignInClient: GetResourceAsync now returns a non-nullable result.
- UserTokenApiClient: Added async/await wrappers to align nullability and types, with explanatory remarks.
- OAuthFlow: Added SemaphoreSlim for serialized connection name discovery, suppressed disposal warning, and improved thread safety with volatile flag and double-checked locking.
- Context<TActivity>: Marked IsSignedIn as obsolete and documented thread-pool starvation risk, recommending async usage.

- Created `sso-trace-2026-04-22-sequence-diagrams.md` to document the login, profile, and logout flows using sequence diagrams.
- Added `sso-trace-2026-04-22-summary.md` to provide a detailed trace summary of the SsoBot interactions, including identity references, request summaries, and MSAL token acquisitions.

Resolves conflicts by keeping Compat decoupled from TeamsBotApplication/Apps (per PR #391). Removes duplicate CompatChannelAccount.cs (methods now in CompatActivity.cs). Updates CompatAdapterTests to use BotApplication.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Resolved conflicts in 5 files:
- BotSignInClient.cs: accept nullable return type from next/core
- UserTokenApiClient.cs: remove extra remarks docs removed in next/core
- Context.cs: keep both Auth and Api.Clients usings needed by PR
- TeamsBotApplication.cs: keep Auth using needed by OAuthFlowRegistry
- CompatTeamsInfoTests.cs: accept ConversationList return type from next/core
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
rido-min
commented
Apr 22, 2026
| { | ||
| Name = string.Join("/", [TeamsActivityType.Message, regex.ToString()]), | ||
| Selector = msg => regex.IsMatch(msg.Text ?? ""), | ||
| Selector = msg => regex.IsMatch(msg.TextWithoutMentions ?? ""), |
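Review bot: switching the Selector from msg.Text to msg.TextWithoutMentions applies to every regex route built here, not only the SSO handlers, so any existing pattern that relied on the mention text being present will silently stop matching. Please note the new matching input in the doc comment for this registration, and add a test that sends a message beginning with a mention to a start-anchored pattern, to confirm that whatever whitespace is left after the mention is removed does not defeat the anchor. The route Name is still derived from regex.ToString(), so it gives no hint that the match target changed.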
Member
Author
@MehakBindra I added this TextWithoutMentions to remove the mention when testing SSO in channels/groups.
We could also do it in a middleware... thoughts?
Collaborator
Hmm, I think it is a useful property that could be required elsewhere too, I say we keep it
- Include user's name in status message response.
- Fix recipient type in OAuthFlow and clarify foreach typing.
- Remove unused using directives in several files.
- Delete CompatTeamsSSOTokenExchangeMiddleware and related logic.
Introduce TeamsBotApplicationOptions for DI configuration of OAuth flows, enabling registration of connection name, card text, and button text at startup. Overload AddTeamsBotApplication to accept configuration delegates. Update TeamsBotApplication to auto-register flows from DI options and provide GetOAuthFlow for callback attachment. Enhance OAuthFlow to support default OAuthOptions per flow. Update docs and samples to demonstrate the new pattern. Improve status messages, JSON formatting, and add validation.
This pull request adds two new sample bots demonstrating OAuth authentication flows (multi-connection OAuth and Teams SSO) and makes minor improvements to the API client code for clarity and type-safety. The new samples provide practical guidance for implementing authentication scenarios with Microsoft Teams bots.
New OAuth sample bots:
- `OAuthFlowBot` sample, which demonstrates handling multiple OAuth connections (Microsoft Graph and GitHub), including sign-in, sign-out, and status commands. Includes new files: `OAuthFlowBot.csproj`, `Program.cs`, and `appsettings.json`. [1] [2] [3]
- `SsoBot` sample, which demonstrates Teams SSO using a single OAuth connection with simplified context-based authentication. Includes new files: `SsoBot.csproj`, `Program.cs`, and `appsettings.json`. [1] [2] [3]
- core.slnx).

API client improvements:
- `BotSignInClient.GetResourceAsync` to return a non-nullable result, aligning with the underlying core client and improving type-safety.
- `UserTokenApiClient` methods to document bridging of type and nullability differences between the API surface and the core client. [1] [2] [3]