Azure Bot 通道错误 "There was an error sending this message to your bot: HTTP status code Unauthorized"
Azure Bot channel error "There was an error sending this message to your bot: HTTP status code Unauthorized"
尝试从 azure Bot 通道向 api 发送消息时出现未授权错误。我已经使用 pulumi 部署了 azure 应用程序和 Bot 通道。在 Azure 应用程序中,我注意到身份验证部分中有一条关于 Implicit Grant.
的警告
如果我从 Azure 门户禁用隐式授予设置,则 Bot 通道可以正常工作。我正在根据 pulumi 文档使用默认设置创建 azure 应用程序,但没有删除此 Implicit Grant 设置
的选项
我已经使用 this link
使用 pulumi 创建了 Azure 应用程序和 Bot 通道
public static AzureAD.Application Create()
{
var name = "app-name";
var azureApp = new AzureAD.Application(name, new AzureAD.ApplicationArgs
{
Name = name
// Tried combinations of the following lines, but it makes no difference
//, Type = "native"
//, Oauth2AllowImplicitFlow = false
});
CreatePrincipal(azureApp);
return azureApp;
}
private static void CreatePrincipal(AzureAD.Application azureApp)
{
var name = "app-principal";
new AzureAD.ServicePrincipal(name, new AzureAD.ServicePrincipalArgs
{
ApplicationId = azureApp.ApplicationId
});
}
public static ChannelsRegistration Create(ResourceGroup resourceGroup, AzureAD.Application teamsBotAzureApp)
{
var channelName = "Channel";
var channel = new ChannelsRegistration(channelName, new ChannelsRegistrationArgs
{
Location = "global",
ResourceGroupName = resourceGroup.Name,
Sku = "F0",
MicrosoftAppId = teamsBotAzureApp.ApplicationId,
Endpoint = "https://azurefunction.com/api/BotMessagesHandler"
});
CreateChannel(resourceGroup, channel);
return channel;
}
在 azure ad 中,Implicit Grant 的设置由 Manifest(you can also set them in the UI, then they will be changed in the manifest), Access tokens corresponds to oauth2AllowImplicitFlow, ID tokens corresponds to oauth2AllowIdTokenImplicitFlow 中的参数控制。
如果你用pulumi创建应用,你可以设置Oauth2AllowImplicitFlow = false来禁用Access tokens,但看起来pulumi inputs中没有oauth2AllowIdTokenImplicitFlow,所以您无法通过 pulumi 禁用 ID tokens。
您可以尝试以下解决方法。
1.From 警告,它说 You should remove these settings or register the appropriate redirect URI. 所以你可以尝试使用如下代码创建带有重定向 URI(即 ReplyUrls )的应用程序,看看它是否可以在不禁用 ID tokens.
ReplyUrls =
{
"https://replyurl",
}
2.If被接受,你可以使用Microsoft Graph SDK to update the application after creating it. Set the enableIdTokenIssuance to false in implicitGrantSettings of web属性,然后ID tokens将被禁用。
尝试从 azure Bot 通道向 api 发送消息时出现未授权错误。我已经使用 pulumi 部署了 azure 应用程序和 Bot 通道。在 Azure 应用程序中,我注意到身份验证部分中有一条关于 Implicit Grant.
的警告如果我从 Azure 门户禁用隐式授予设置,则 Bot 通道可以正常工作。我正在根据 pulumi 文档使用默认设置创建 azure 应用程序,但没有删除此 Implicit Grant 设置
的选项我已经使用 this link
使用 pulumi 创建了 Azure 应用程序和 Bot 通道public static AzureAD.Application Create()
{
var name = "app-name";
var azureApp = new AzureAD.Application(name, new AzureAD.ApplicationArgs
{
Name = name
// Tried combinations of the following lines, but it makes no difference
//, Type = "native"
//, Oauth2AllowImplicitFlow = false
});
CreatePrincipal(azureApp);
return azureApp;
}
private static void CreatePrincipal(AzureAD.Application azureApp)
{
var name = "app-principal";
new AzureAD.ServicePrincipal(name, new AzureAD.ServicePrincipalArgs
{
ApplicationId = azureApp.ApplicationId
});
}
public static ChannelsRegistration Create(ResourceGroup resourceGroup, AzureAD.Application teamsBotAzureApp)
{
var channelName = "Channel";
var channel = new ChannelsRegistration(channelName, new ChannelsRegistrationArgs
{
Location = "global",
ResourceGroupName = resourceGroup.Name,
Sku = "F0",
MicrosoftAppId = teamsBotAzureApp.ApplicationId,
Endpoint = "https://azurefunction.com/api/BotMessagesHandler"
});
CreateChannel(resourceGroup, channel);
return channel;
}
在 azure ad 中,Implicit Grant 的设置由 Manifest(you can also set them in the UI, then they will be changed in the manifest), Access tokens corresponds to oauth2AllowImplicitFlow, ID tokens corresponds to oauth2AllowIdTokenImplicitFlow 中的参数控制。
如果你用pulumi创建应用,你可以设置Oauth2AllowImplicitFlow = false来禁用Access tokens,但看起来pulumi inputs中没有oauth2AllowIdTokenImplicitFlow,所以您无法通过 pulumi 禁用 ID tokens。
您可以尝试以下解决方法。
1.From 警告,它说 You should remove these settings or register the appropriate redirect URI. 所以你可以尝试使用如下代码创建带有重定向 URI(即 ReplyUrls )的应用程序,看看它是否可以在不禁用 ID tokens.
ReplyUrls =
{
"https://replyurl",
}
2.If被接受,你可以使用Microsoft Graph SDK to update the application after creating it. Set the enableIdTokenIssuance to false in implicitGrantSettings of web属性,然后ID tokens将被禁用。