Transparent BOT authentication with Microsoft Teams
At the time of writing this blog post, the BOT framework is still in preview so things are subject to change! However, if you already played with it and tried to enable the Teams Channel for one of your BOTs, you’ll see that it behaves differently than for the WebChat Channel.
Indeed, attachments are not handled the same way and although the user is automatically recognized in the Teams Channel, I couldn’t find any way to generate a Graph AccessToken (or anything else) by leveraging this information.This means that if you want to interact with any Azure Active Directory protected API, you’ll have to prompt the user for login (unless I missed something).
It’s a bit a pity because the user is already authenticated when launching the chat window. So, I managed to come with an alternative that is probably not the best one but that could be interesting should the company you work for, absolutely want a transparent/automatic authentication with your BOT. As you know, SSO is on everyone’s lips and the average employee hates when being prompted for authentication, especially if he is already authenticated in Teams.