authentication azure-active-directory bearer-token azure-bot-service azure-authentication

Using Azure Bot Bearer Token to make a GET request to external API


I have an Azure Bot set up that authenticates the user using OAuth2. From this, I obtain an access token. I also have a web application that uses OAuth2 authentication and the same Active Directory as the Azure Bot. With this access token serving as a bearer token, I would like to make a POST and GET request to my web application from the Azure Bot.

I've tried the following but it appears that my requests are not authenticating as I am not receiving the desired result.

    // Requires: using RestSharp;
    // Build the GET request and send the token in a Bearer Authorization header.
    RestClient client = new RestClient(BaseURL);
    RestRequest request = new RestRequest("api/dashboard/GetUserName", Method.GET);
    request.AddParameter("Authorization",
        "Bearer " + tokenResponse.Token,
        ParameterType.HttpHeader);
    var response = client.Execute(request);

Am I misunderstanding the purpose or function of bearer tokens?


Solution

  • Per my understanding, you just obtain the access token from Azure Bot, but you want to make a request from Azure Bot to another web application. So you need to get another access token from the web application and use this access token as the bearer token.

    Alternatively, you do not need to ask for another access token. You can refresh the token by referring to this tutorial, but you need to change the "scope" property from the scope of Azure Bot to the scope of the web application.

    Update:

    For your requirements, you need to use the OAuth 2.0 on-behalf-of flow; please refer to this tutorial.

    In the flow image above, the "Web API A" represents your Azure Bot and the "Web API B" represents your web application. You need to get the first access token for Web API A and then get the second token for Web API B. After that you can request Web API B.
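
The exchange described in the answer, as an added example that is not part of the original post: it reads the `aud` claim to show which API a token was issued for, swaps the bot's user token for one scoped to the web application through the Microsoft identity platform v2.0 token endpoint, then calls the route from the question. The class and method names, and the parameters `tenantId`, `botClientId`, `botClientSecret` and `apiScope`, are assumptions to be filled in from your own app registrations.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class OboExample // hypothetical helper, not the poster's code
{
    // Diagnostics only: reads "aud" WITHOUT validating the signature, to see which API a token targets.
    public static string GetAudience(string jwt)
    {
        string p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/'); // base64url -> base64
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Convert.FromBase64String(p));
        return doc.RootElement.GetProperty("aud").GetString();
    }

    // On-behalf-of: the bot (Web API A) trades the user's token for one issued to Web API B.
    public static async Task<string> ExchangeAsync(HttpClient http, string tenantId,
        string botClientId, string botClientSecret, string userToken, string apiScope)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "urn:ietf:params:oauth:grant-type:jwt-bearer",
            ["client_id"] = botClientId,
            ["client_secret"] = botClientSecret,   // load from a secret store, never source code
            ["assertion"] = userToken,             // token whose audience is the bot
            ["scope"] = apiScope,                  // scope exposed by the web application
            ["requested_token_use"] = "on_behalf_of",
        });
        var resp = await http.PostAsync($"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token", form);
        string body = await resp.Content.ReadAsStringAsync();
        if (!resp.IsSuccessStatusCode)
            throw new InvalidOperationException($"OBO exchange failed: {body}");
        using var doc = JsonDocument.Parse(body);
        return doc.RootElement.GetProperty("access_token").GetString();
    }

    // Call the web application with the exchanged token (route taken from the question).
    public static async Task<string> GetUserNameAsync(HttpClient http, string baseUrl, string apiToken)
    {
        var req = new HttpRequestMessage(HttpMethod.Get, baseUrl.TrimEnd('/') + "/api/dashboard/GetUserName");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", apiToken);
        var resp = await http.SendAsync(req);
        resp.EnsureSuccessStatusCode();
        return await resp.Content.ReadAsStringAsync();
    }
}
```

Comparing `GetAudience` on the token before and after the exchange shows the audience changing from the bot's registration to the web application's, which is what the web application checks when it validates the bearer token.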