I'm trying to build a bot that would integrate with a REST API. To be more specific, the bot should log into the API, based on credentials provided by the user. Based on certain questions that is asked by the user, the bot should then perform certain actions against the API and report with the results. Something like, 'hey mr. bot, I would like to know my latest sales figures' or 'submit my outstanding events'. The API uses forms authentication, thus after login, the bot would need to send the cookie to the API, otherwise a response of 401 (from API).
Is something like this possible?
[Update]
Since it's unclear as to what I'm asking (down vote), I'll extend my question. I would like to know whether the bot would be able to pass the cookie required by the API to and from the client it's communicating with. Otherwise, with each request to the API, from the bot, the API will see the request as one that is not authorized.
Thanks!
I'm not fully sure if this is going to work with cookies. Maybe in the WebChat channel, because of the nature of the channel, may work just fine.
A common pattern I've seen working pretty good with bots is communicating through APIs via OAuth. A good way to implement this is: you send to the user in the bot a link to log in, then the reply will callback to your API where you will basically resume the authentication with the bot and store the access token in the bot state; so you can reuse it on every call.
Since you are using C#, I would recommend checking AuthBot ( is a .Net library for Azure Active Directory authentication on bots built via Microsoft Bot Framework).
Also, you can check AzureBot to see how the Auth library is being used.
Related
I'm trying to send a message in Microsoft Teams Channel via Client credentials provider flow. But it gives the following error.
I've followed the documentation here.
POST /teams/{id}/channels/{id}/messages
This is how my API Permissions look like.
I'm not sure if we can send messages on the channel through the application. Because I don't want to send it via delegated way. Is there any way we can achieve this?
UPDATE:
This is how I'm generating the token.
Update 2:
screenshot of the postman request.
Generally speaking, you missed "Bearer " in Authorization header.
But based on my test, although we add Group.ReadWrite.All and Teamwork.Migrate.All Application permission, it will still give 401 Unauthorized error.
After a research, I find that the use case of Application mode is to Import third-party platform messages to Teams using Microsoft Graph.
See the examples here.
I'm afraid that we have to use delegated way to send messages to Teams channel.
We have a client requirement in that Bot application should be hosted in On- premises and all the web chat communication directly go the web server. I am planning to develop a Bot .Net application and configure with web chat Channel. I would like to know if it is possible to configure the Bot application On- premises
How can I setup the web chat On- premises?
How can I skip the Bot Registration and avoid message routing?
Do I have to build a service to handle all the request and response in the web server?
If I am using webchat how the client data is secure and how the bot service is routing the request to Webapp?
If I am using webchat how the client data is secure and how the bot service is routing the request to Webapp.
Ok. So lets break down the problem.
What you want to do is isolate your bot from any and all communication that it has with Microsoft Bot Connector/Framework.
First understand what are components are involved within Microsoft Bot Framework Ecosystem.
Understanding Bot Framework Ecosystem
Typically a vanilla bot would interact with 3 Microsoft services -
Microsoft Bot Connector: This guy here is the heart of Bot Framework. It has critical job(apart from other unimportant things(security!)) of Message Routing, Session tracking and channel adaptation.
Microsoft Bot State Service: This service is used to store Conversation (and custom) state.
Microsoft Account (MSA) server: The Bot Connector service uses OAuth 2.0 client credentials for bot authentication. MSA server issues these JWT access token.
Now to create an on-premise bot you would need to replace/mock all the above components. Luckily Bot Builder SDK is open source and well designed. The implementations of interacting with above services is interface driven and easy to change.
Understanding and Modifying Bot Builder SDK to create an On-Premise Bot
Since our aim is to not use any Microsoft Service, we would not be needing MSA server to generate token. So no bot registration required.
The most easiest of the services to replace is Bot State Service. All you need to do is implement IBotDataStore or IBotState interface. So instead of storing state in Bot State Service, for instance you could store it into your own Redis DB. I wrote a blog post on how to do this.
What left is now to replace Bot Connector. This is tricky and not straight forward. Plus it is not open source so you are on your own here. As mentioned above, first important piece is Channel Adaptation. Since you mentioned you only need Web Chat channel, there is not much to adapt(duh?!). The second important thing it does is Session tracking, which relies on different IDs that are generated specially Conversation ID and Activity ID. You must understand what they represent. Conversation IDs are generally created and modified by Channel.
Here you must make a choice on how to create the conversation ID. Web chat by default has transient conversation IDs. You may choose to make it more perpetual (one way is to require user to sign in and use userid).
Message Routing works differently in Web Chat Channel since there is no one specific endpoint that Bot Connector has to call(like Facebook Graph API). So Web Chat channel make use of Direct Line APIs to send message and polls(or use socket) a specific endpoint to receive message. Web Chat channel is open source, go ahead and checkout how they do it.
So to fully replace the Bot Connector API you need to create your own connector service which
Accepts requests from Web Chat channel.
Adapt it and forwards the request to bot
Accept response from bot (we will get to how to do this)
Maintain the response in some persistent store. Needed because the user may have closed the web page, so you may need to deliver it when he comes back.
Return the response to web chat channel on the next poll(or use socket).
Granted this is not trivial, but you can take some design decisions that can make life a little easier. Such as doing away with adapter and keep a single schema for communication from web chat control to the bot and back (but then you will need to change Web Chat Channel code). For starters you may even look at BotFramework Emulator code which simulates the Direct Line API.
Now how to get your bot to send replies to your own connector service? To do this you need to implement IBotToUser interface. This is fairly easy to do. Have a look at my repo where I return the response to Skype For Business client instead of Bot Connector.
This is it I believe. If you can get the above done, you can have a completely isolated bot with no connection made to cloud. For security you may have your own OAuth provider(I recommend IdentityServer) or make user signin before using bot. I cannot answer security detail unless I get more overview of your application ecosystem and usecase.
The conversation data(and state) can be made to be stored in your on-premise database fairly easy. In my opinion, if you can go ahead using Bot Connector and only replace Bot state service it would be best(you can also keep on receiving new features from Bot Framework without having to change any code).
All the above information is from my own experience on working with Bot Framework. If anyone has a better suggestion please feel free to share them and I will make the edits.
I am attempting to connect to Yammer using their .NET SDK but I am having a hell of a time managing this... The point of this exercise is to create an application in Azure which periodically - and AUTONOMOUSLY - contacts Yammer and fetches the latest messages from a specific Yammer group.
Does anyone know of the correct way to use the Yammer .NET SDK from, let's say, a console application, which does not rely on a browser (a.k.a. direct user interaction) to successfully connect via OAuth authentication?
What I have tried:
Trying to suss out what to do from the example given on .NET SDK page on developer.yammer.com, you can see under "Standard Process" an example which shows the LaunchSignIn() function with an incorrect signature! The example shows the usage as:
var authResponse = await OAuthUtils.LaunchSignIn(_clientConfig.ClientId, _clientConfig.RedirectUri, ssoEnabled);
whereas the actually signature I get from the dll is:
void OAuthUtils.LaunchSignIn(string clientId, string RedirectUri)
I'll forgive the missing ssoEnabled parameter... but the example claims the function receives a response, from which a Code is then extracted. This is, of course, the piece missing from my attempt to call:
(awaitable) Task<AuthEnvelope> AuthClient.AuthenticateAppAsync(string code)
I have scoured Google for information on the use of the Yammer .NET SDK but have come up empty handed. All manner of examples of connecting to Yammer but none are in any way relevant to the .NET API. The only thing in any way relevant that I have seen is the Yammer .NET API example uploaded, apparently, by the person who developed it, who posted the code on GitHub. I have checked this example but the two parts in it - one for Windows Phone and one for Windows "Modern App" - both rely on a Browser object being available, or something to that effect anyway. There are redirects, I'm supposed to have a RedirectUri for Yammer to direct me... So does this other example - which was the ONLY other example of using the .NET SDK that I could find.
I imagine that the reason the signature is different is because this isn't actually the same function at all. The one I am trying to use is in Yammer.Oss.Api.Utils whereas the example application doesn't even have the letters Utils together other than in the name of the class OAuthUtils... which leads me to believe that it is possibly under Yammer.Oss.Core.WinRT which, as luck would have it, I cannot reference at all... Yammer.Oss.Core only contains Collections, Constants, Extensions and Serialization.
By the way, in the announcement of the .NET SDK (see first link above), the link to documentation for the SDK leads to the Yammer Support page.
Skip the .NET SDK and just do the authorization yourself using the server-side flow. Then make the requests with HttpClient and add the Authorization header. The SDK might be helpful with some Modern Apps but it's overkill for most people. When working with the API manually the worst thing you'll have to deal with is deserializing the JSON responses with JSON.NET, or other JSON library.
You don't say what you are trying to build, but AFAIK WebJobs don't have a UI so you'll need to do the authorization from a console app or website. Then store the resulting OAuth token somewhere that the WebJob can access it. If you have need an OAuth token per user you'll need to store those in a database, but make efforts to protect them because each OAuth token provides access to their Yammer account.
I have an application running on a server that periodically extracts data from Google Analytics. It doesn't issue many queries so I don't think any limit would be a problem.
I have a prototype running, however I had to provide a login a password for the authentication (in code).
I see that I can generate API keys and other kind of authentication bits and pieces in the Google APIs Console, however I am not sure how to use them and whether they can be used in place of the login/password.
It just doesn't seem right to use a user login/password to authenticate a server application.
Is there another way?
(I am using the C# client library)
You should be using OAuth 2.0. See:
http://code.google.com/p/google-gdata/source/browse/trunk/clients/cs/samples/oauth2_sample/oauth2demo.cs
for a sample OAuth workflow.
The best way to do this is with Google Service Accounts
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
However, I don't know off the top of my head the best library for c#, but there does appear to be support for it in the Google library. http://code.google.com/p/google-api-dotnet-client/wiki/OAuth2#Service_Accounts
Here's a answer specifically about the PHP client.
Service Applications and Google Analytics API V3: Server-to-server OAuth2 authentication?
I'd like to write a console program in C# that posts a Tweet to Twitter. I've never used the Twitter APIs before and don't know anything about how their authentication works. I found an API library called Twitterizer, but it seems geared towards web applications and wants the user to logon with a web browser. All the API docs on Twitter's website seems geared around this scenario as well.
Is it possible to access the Twitter APIs using a console app with no web browser access? I'm perfectly fine hard coding in the name and password for the Twitter user I want to post under as well. Thanks!
Mike
You'll need to use OAuth for authenticating in twitter.
Then use regular HTTP Request to use the twitter JSON-based API.
Here you can find a good article about OAuth, Twitter and console applications.
Also take a loot at linq2twitter lib. From it's documentation;
The Twitter API is built using
Representable State Transfer (REST).
Wikipaedia defines REST as "...a style
of software architecture for
distributed hypermedia systems...",
but I'm going to be so bold as to try
to simplify what that means. In
practice, REST is a Web service
protocol built upon Hypertext Transfer
Protocol (HTTP). You use the REST Web
service by making an HTTP call with a
URL and getting text back in some
form, which is often XML or JSON. So,
if you were to write code that made an
HTTP request with the following URL:
http://api.twitter.com/1/statuses/public_timeline.xml
You would get back an XML document
with all of the Twitter statuses from
the public timeline, which is a
snapshot in time of the last 20 tweets
at the time of your request. Go ahead
and open your browser, copy and paste
the URL above into the address bar,
and see what you get back.
I couldn't find any decent information on the web on how to do this, so I decided to write my own blog post with all the details.. Enjoy!
http://blog.kitchenpc.com/2011/01/22/rise-of-the-twitterbot/
of course you can use anything to connect to Twitter via RESTful api.
you should use oauth, and set up your application in http://dev.twitter.com, then you should read all articles listed in documents, you must specify your app as Client but not Browser so user input a number to get through authentication.
you can use many libraries so that you can save your time, all are listed in the documents
and be CAREFUL, you should not use Twitter's own api console which is buggy (as i know parameters somtimes can't be parsed), you should use APIgee instead which is powerful and stable.
if you want use basic authentication, you should use api proxy (one famous is twip), if you just need only one single C# apps, you must code by yourself:
you should use given username and password to login twitter, parse cookies passed
use normal oauth to get temporaly access token url.
use cookies got from step 1, emulates form submit to allow your apps, capture PIN code
use pin code to finish oauth.
MOST IMPORTANT, you must store access token in client's machine so next time you can bypass above steps
Just wrote a Twitter Bot in C#. This is currently posting tweets to #valuetraderteam.
https://gist.github.com/sdesalas/c82b92200816ecc83af1
The API component in the GIST below is less than 500 lines, only dependency is Json.NET, you'll need to download the latest DLL for either x64 or x86 (depending on what platform you are targetting) and include as a reference in your project.
There is an example at the bottom of the page of how you can make a tweet from a console application
Hopefully this is useful to some other people out there.