botframework on teams channel 1:1 Authentication AAD integrated

Question

I\'m looking to connect my bot on teams channel but i didn\'t know the way to secure this for use only in our domains (organization).

I have test to look (authentic

Answer 1

The incoming message contains information that you can use to identify the user. A message looks like this:

{ ... "from": { "id": "29:1XJKJMvc5GBtc2JwZq0oj8tHZmzrQgFmB39ATiQWA85gQtHieVkKilBZ9XHoq9j7Zaqt7CZ-NJWi7me2kHTL3Bw", "name": "Richard Moe", "aadObjectId": "ae361bee-9946-4082-99dc-6994b00ceebb" }, "channelData": { "tenant": { "id": "72f988bf-86f1-41af-91ab-2d7cd011db47" } } }

The channelData.tenant.id identifies the organization (O365 tenant) that the user is part of, so you can look at that and reject messages that aren't from ones that you expect.

The message also has the AAD object ID of the sender in from.aadObjectId. The auth flow in the links above is useful if you need tokens to provide to other services so you can act on behalf of the user, but if all you need is the user's tenant and identity, the message has all you need.

(Remember to authenticate the incoming request first, before trusting any information in the message.)