403 Forbidden Error when attempting to authenticate
I cloned and ran 24.bot-authentication-msgraph to test authentication. I've updated the .bot file to put my app id and password as found https://apps.dev.microsoft.com. I've also updated CONNECTION_SETTING_NAME variable in bot.js.
Edit: I forked the repo so you can see my code and changes here. Check out the last 3 commits to see my changes. I excluded my .bot file because it has my app password.
But the bot doesn't even try to authenticate me, and in the console, I received a 403 error. It has no description or text with it.
Alright, after doing some troubleshooting and intentionally trying to break my implementation, I figured out the issue.
You have two "apps", 1 "App Registration" in the App Registration Portal and 1 "Web App Bot/Bot Channels Registration" in your Azure Resource Group (or at least you should if you follow the docs):
- An Azure AD v1 or v2 app created in this step "To create an Azure AD v1/v2 application"
- A Bot Channels Registration app created in this step "Create your bot on Azure"
Based on your images, you're using your Azure AD v2 appId and appPassword in your .bot file, when you should be using your Bot Channels Registration bot's appId and appPassword, as described in this step.
Note: The Azure AD v2 appId and appPassword are only used when editing your bot's Azure settings to add OAuth.
You can get your bot's appId and appPassword (which you need to place in your .bot file) in either of two ways:
- Via App Registration Portal
- Go to the App Registration Portal and click on your
bot (NOT the Azure AD v1/v2 app).
- If you named them similarly, you'll know you chose the wrong one if it has a Web Platform listed--that should only be in the Azure AD v1/v2
- It will list your appId and you can get a new password by clicking "Generate New Password"
- Go to the App Registration Portal and click on your
bot (NOT the Azure AD v1/v2 app).
or,
- Via Azure Portal
- Open your Resource Group in the Azure portal.
- Click Deployments
- Under "Deployment Name", click your Bot Channels Registration bot.
- Click Inputs. Your appId and appPassword is APPID and APPSECRET, respectively.
- MSAL AcquireSilent gets always new token
- how to use keap api , making OAuth request without user authorization?
- TikTok oAuth API authorization code request always expired
- OAuth 1.0 and X API v2 with Scala and sttp
- How to get access Token from Amadesu API on Python
- How to store sensitive data in React Native or expo code ? ( with Keychain and Keystore )
- Using basic oauth to send a tweet
- Spring Boot redirection back to login page
- Unsuccessful using OAuth 2 access token to send emails via Gmail
- Logging in users with API built in laravel
- LinkedIn API: The token used in the OAuth request has been revoked
- How to get LinkedIn access token in iOS to call API?
- OAuth Client Credential Flow - Refresh Tokens
- AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'
- ServiceStack JWT Refresh token uses Session identifier when used with OAuth AuthProvider
- EXPO AuthSession returns dismiss on Android device
- Threads Meta API/Auth Callback URLs
- Is storing an OAuth token in cookies bad practice?
- Firebase credentials as Python environment variables: Could not deserialize key data
- Azure Authenticatication Flow in a Desktop App (WinForms C#)
- Check OAuth Facebook token from iOS client on server/API
- Role based authorization using Keycloak and .NET core
- Amazon Cognito: How to stop getting "redirect_mismatch" error when redirecting from browser to Android app
- How to use SHA256-HMAC in python code?
- Facebook OAuth "The domain of this URL isn't included in the app's domain"
- How get config file values in other config file - Laravel 5
- Snowflake custom OAuth not working with invalid_client error
- How to Locate and Customize the OAuth Implicit Flow Redirect Screen?
- Keycloak - Assign a client scope to user with a specific role
- Implementing a dynamic OAuthBearerServerOptions AccessTokenExpireTimeSpan value from data store