I integrated hangouts chat BOT with my java webhook. I am getting messages properly from DM also, but my question is how can I validate the incoming message identity other than comparing verification token that I am getting in every Event object and comparing it with verification token I have in Bot creation page in Google developer console?
Create a service account here -> https://console.cloud.google.com/
Enable Chat API here -> https://console.cloud.google.com/apis/api/chat.googleapis.com/
Download the service key
You can find code on Google Chat documentation for authenticating a service account. Here is an example in Python
scopes= 'https://www.googleapis.com/auth/chat.bot'
credentials = ServiceAccountCredentials.from_json_keyfile_name('<service_key_name>.json', scopes)
http2 = Http()
credentials.authorize(http2)
service = build('chat', 'v1', http=http2)
<use service here for REST API>
example:
resp = service.spaces().messages().create( parent = spaceName, body = chatBody).execute()
Related
I have added a BOT using Microsoft Teams to my Azure. I have an endpoint URL which is like
.aurewebsites.net/api/messages.
The question is I want to send a message to my Teams Channel using this endpoint.
How can I call this api/messages endpoint using Postman or PowerShell Invoker-Web Method?
I'm using the /beta endpoints for Microsoft Graph API, but I'm getting an Unauthorized error when trying to create chat messages on behalf of other users (or any user).
In v1.0 of the API, the Create chatMessage method is not Supported, but in Beta it is: https://learn.microsoft.com/en-us/graph/api/channel-post-message?view=graph-rest-beta&tabs=http, as "Teamwork.Migrate.All" permission, which my Application has in Azure.
It is strange, because the same App can create Teams, channels and add members, but not add channel messages.
Anyone know where to look next?
Edit: I got this back now: "You need to add user delegated permissions in your application to at least Group.ReadWrite.All in portal.azure.com and then consent as user or Grant admin consent in portal. And re-run On behalf of a User | Get User Access Token request to update access token."
However, it does not make sense in regards to what the Beta documentation says about the permission "Teamwork.Migrate.All", which my app has as an "Application Permission": "Allows the app to create chat and channel messages, without a signed in user. The app specifies which user appears as the sender, and can backdate the message to appear as if it was sent long ago. The messages can be sent to any chat or channel in the organization."
If I'm an app and I have that permission, what should I do with a User Access Token? I'm using the App Access Token.
For simply posting message to Teams Channel using Application Permission is not supported by Microsoft Graph
Alternatively you can setup Incoming Webhook which is connector in MsTeams's channel and after finish set up on Teams channel you will received URL which you could use Postman or any API consumer app to send request(your message) to Incoming Webhook which will be post in Teams Channel
Sample Result Image
NOTE: Incoming Webhook is not support for replying post
You need to add user delegated permissions in your application to at
least Group.ReadWrite.All in portal.azure.com and then consent as user
or Grant admin consent in portal. And re-run On behalf of a User | Get
User Access Token request to update access token.
It seems that you need to use a user token instead of an application token to create chat messages. The only difference between them is that the user token requires the user to log in. The application token allows the application to create chat messages on behalf of other users. Currently, you can only use user tokens.
As your prompt message says, you need to grant the Group.ReadWrite.All delegation permission to the application, and then grant the admin consent for the permission, and then you need to use the auth code flow to obtain the access token.
Update:
I think what you are doing is importing messages, not creating chat messages, it does require you to have the Teamwork.Migrate.All application permission.
Importing messages is special, it requires you to create team and create achannel in the migration state, you need to include the migration value in the teamCreationMode and channelCreationMode instance attributes in the POST request. See: here.
I’m in process of developing system which consists from such parts:
- Some services under gateway (Ocelot)
- Mobile client (iOS)
- Identity Server 4
Mobile client hasn’t been prepared yet, so I use Postman for emulating requests from it. My problem is implementation of Authentication with External providers, like Google. It’s my first experience of using IS 4, so I have some misunderstanding and difficulties. Excuse me, if my question is too abstract or if I miss smth obvious.
I successfully deployed IS 4 using all this tutorials and it works with Password Credentials flow in a proper way: I request IS for access token, sending user credentials, it returns token and I can successfully use it for access to my API methods.
Situation with External Providers are different. I’ve overviewed this tutorial (https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-3.1) and some other and add code from it to the IS project. I can successfully log in with Google, using a button on that IS4 web-page which goes with IS 4 Quickstart UI template. But no chance to work with API. As I understand in such workflow client-app should go for a token not to my IS as in example with a local user, but to the Google Auth provider. And I emulated it with Postman and got a strange access_token which has no data and it_token which contains username, email and so on. I try to use this id_token with requests to my API. The result is always 401.
Where I’m wrong? How should I build requests to API with token from Google? Or I have misunderstanding and there should be another flow: client goes to IS with specific request, IS goes to Google and then returns proper token to Client?
Here is configuration of authecation on the side of Web API app:
private void ConfigAuthentication(IServiceCollection services)
{
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.Audience = "k_smart_api";
});
}
Here is config of Google-Auth on the side of IdentityServer:
services.AddAuthentication().AddGoogle(opts => {
opts.ClientId = "My google client Id";
opts.ClientSecret = "my google client secret";
opts.SignInScheme = IdentityConstants.ExternalScheme;
opts.SaveTokens = true;
});
This is how I get Access Token:
postman exampple
The tokens you get back from Google, is only used to Authenticate the user in Identity Server. Then after Identity Server receives those tokens, it sign-in the user and create new tokens (ID+access) that are passed to your client. you should look at using the authorization code flow in your client to authenticate the user and to get the tokens. then use the access token received to access your API.
do remember that the tokens received from Google are not used to give access to your APIs.
We have a web application and enabled direct client channel to communicate with the hosted BOT framework using directline secret.
Link :BOT - Directline webchat
Sample Code:
BotChat.App({
directLine: { secret: Key },
//dynamically retrieve the logged in user info in your mvc View once the user logged in and pass it on
//and pass thoes info to your bot
user: { id: '', email: '' },
bot: { id: 'testBOT' },
resize: 'detect'
}, document.getElementById("divbot"))
Here is my situration:
1) The user successfully logged in to the application and authorized using the individual account
2) How to authenticate the user in the BOT framework. The Directline secret used to authenticate the calling application. Is there any way to authrorize the authenticate the logged in user in the BOT framework securely?
Thank you
also read about getting the secret token from the key and use for communication. But not sure how to accomplish in the javascript.
It seems that you embed web chat in your MVC website, and you do not want to expose Direct Line Secret (which prevent anyone from putting your bot on their website). You can try this approach:
Create a backend service, and make request to generate Direct Line token in that service, which can avoid exposing Direct Line Secret from client side.
On your JavaScript client, you can make Ajax request to that backend service for getting Direct Line token and initiate BotChat with generated token in Ajax success callback function.
Enable CORS in your backend service to allow some origins and prevent another origins request from accessing that backend service and adding your bot in web page.
For secure your backend service, you can implement request Authentication for it.
You can exchange the key for a token that expires. Here is an mvc example: https://github.com/EricDahlvang/TokenBotExample/tree/master/TokenBotExample
string botChatSecret = ConfigurationManager.AppSettings["BotChatSecret"];
var request = new HttpRequestMessage(HttpMethod.Get, "https://webchat.botframework.com/api/tokens");
request.Headers.Add("Authorization", "BOTCONNECTOR " + botChatSecret);
using (HttpResponseMessage response = await new HttpClient().SendAsync(request))
{
string token = await response.Content.ReadAsStringAsync();
Token = token.Replace("\"", "");
}
I trying to implement login facebook by using Loopback as API,
Following http://loopback.io/doc/en/lb3/Tutorial-third-party-login.html
and https://github.com/strongloop/loopback-example-passport I can't apply the tutorial to my case because at the example,
client side and server side are on the same project.
My app:
Web application (NextJS custom express server)
example endpoint: www.myapp.com
User click login by facebook button to get access_token after that send to API.
API application (Loopback)
example endpoint: www.api-myapp.com
API get access_token from client then fetch data from facebook graph API.
If email is existed then auto-login and return token to the client.
Else register a new user and return token to the client.
From the following flow, I can't implement this flow by using Loopback :(
I can register/login via username and password in a normal case but I confusing to register/login by facebook login.
This behavior would be very easy to implement using Loopback. Assuming you are following the third party login documentation, you would simply:
Enable facebook-passport authentication.
Create a button in your frontend for "login with facebook" which redirects the user to the authpath (ie http://<api-server>/auth/facebook).
Set the successRedirect to http://<app-server>/<post-login-url>.