MS Teams 消息扩展在测试服务器上不起作用[云]

Question

I have developed MS Teams Message Extension using Java[Spring Boot] and registered the bot in Botframework Development portal[https://dev.botframework.com/]. It is working fine in local. I tested in local environment using a tunneling application named localtunnel. I tested the extension in MS Teams.

I pushed the code to cloud[AWS] as it was working fine on local and also changed the message endpoint URL to point to our test server. But, unfortunately i am getting " Bot returned unsuccessful status code unauthorized."[You can see the screenshot]. Test server message endpoint doesn't require JWT token, I am able to call it successfully from postman with out giving token.

As per the documentation, this error occurs usually when:

• The Messaging endpoint specified on the Settings page for your bot in the Bot Framework Portal is incorrect. Make sure you have included the proper path at the end of the URL (eg, /api/messages).

• The Messaging endpoint specified on the Settings page for your bot in the Bot Framework Portal does not begin with https or is not trusted by the Bot Framework. Your bot must have a valid, chain-trusted certificate.

• The bot is configured with missing or incorrect values for app ID or password. Verify that the bot configuration settings specify valid values for app ID and password.

All the points are correct in my case.

In this documentation, It is mentioned about Azure Bot resources in the "Test your bot" section of "Step 4: Test your bot in the cloud".

https://docs.microsoft.com/en-us/azure/bot-service/bot-service-troubleshoot-authentication-problems?view=azure-bot-service-4.0&tabs=csharp#step-3

So in order to test the bot on cloud, is it necessary to register it on Azure Bot services instead of Botframework development portal? Can't we just test it just by registering it on Botframework development portal?

Answer 1

The dev.botframework.com portal is deprecated, so I'd advise against continuing to use it. The Azure Bot resource is the evolution and replacement of the Bot Channels Registration, so you will need to use it to test your bot in the cloud. It effectively does the same things, but it better handles various new security and tenancy features that the old portal did not.

Furthermore, the documentation you linked mentions that extra security configuration steps must be taken for non-Azure deployments to get your bot to use https. Ensure you do this before filling in the messaging endpoint in your Azure Bot configuration.

Answer 2

I figure out the issue. Even though message endpoint could be called without any JWT token of our app, code was verifying the token if in case it is present in Authorization header instead of ignoring it. MS Teams sends JWT token in Authorization header of every request to verify it is coming from teams, but extension app was comparing this token sent from teams against our app. Since this token is not created by our app but instead by bot framework, so it was throwing 401 unauthorized.

So make sure your app is in ignoring the token sent in Authorization header for message endpoint.

About the other doubts I had:

• It is not mandatory to register bot in azure in order to test in cloud, you can register it in development portal as well. Since development portal is depreciated, I highly recommend to use azure as it is highly secure.

• You can do non azure deployment as well. You can deploy your extension app or message API endpoint in any cloud provider of your choice. But you have to register the bot either in development portal or azure which will call your extension app.