I have an Azure Bot (UAMI configured). However, when I try to add an OAuth Connection Setting, all Service Providers expect either a secret or a certificate to authenticate to an external resource.
Is it not possible to leverage the User-assigned Managed Identity to connect to other resources secret-free?
Here's how the Azure Bot is configured:
To clarify:
I have an existing Azure Web App bot that works fine using an external identity provider (App registration). However, that requires the use of a Client Secret.
My question here is: is it possible to configure an OAuth connection without a client secret/certificate, relying instead on the UAMI under the hood to authenticate?
As mentioned in the MSDOC, the existing Microsoft Entra ID application in which the Azure bot with the User Assigned MSI is registered allows the bot to access an external secured resource, i.e., Microsoft Graph, and also allows the user to communicate with the bot via several channels such as Web Chat, Teams, etc.
You have to create a separate Microsoft Entra ID application to function as the identity provider for the bot.
To establish the OAuth connection between the bot and the secured resources, you need to provide credentials such as the Client ID and Client Secret.
Create a separate Entra ID application with the OAuth Redirect URL as the Redirect URI:
Set the API permissions for the app under App => API permissions => Add a permission => Microsoft Graph => Delegated permissions:
Create a Client Secret in the newly created Entra ID application.
Navigate to the Azure Bot and configure the OAuth Connection using the Client ID and client secret of the Entra application to register the identity provider with the bot.
Select the Connection entry => Test Connection:
After accepting the consent, it redirects to the Test Connection Succeeded page as below:
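The same four portal steps from the answer above, as an added Azure CLI script (editor's example, not code from the question, the answer, or Microsoft). It assumes a signed-in `az` session with rights to create app registrations and to modify the bot; the Bot Framework redirect URL, the GUID of the delegated `User.Read` permission, the `tenantID` parameter key for the `Aadv2` service, and the resource names are assumptions or placeholders. The secret is reset with a one-year lifetime and passed straight into the bot's connection setting without ever being printed, which keeps the shell history and CI logs clean; the script does not (and cannot, per the answer) replace that secret with the bot's UAMI.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal steps in the answer.
# Assumptions: Bot Framework redirect URL, User.Read permission id, the
# "tenantID" parameter key for the Aadv2 service. Run with APPLY=1 to execute.
set -eu

# Redirect URL that the Bot Framework token service uses (assumed value).
BOT_REDIRECT_URI="https://token.botframework.com/.auth/web/redirect"
GRAPH_API_ID="00000003-0000-0000-c000-000000000000"       # Microsoft Graph resource app id
USER_READ_SCOPE_ID="e1fe6dd8-ba31-4d61-89e7-88639da4683d" # delegated User.Read (assumed)

# Build the --api-permissions argument for delegated scopes: every id gets the
# "=Scope" suffix ("=Role" would request an application permission instead).
delegated_permission_spec() {
  out=""
  for id in "$@"; do
    out="${out:+$out }${id}=Scope"
  done
  printf '%s' "$out"
}

# Only the Bot Framework redirect is valid for a bot connection; anything else
# points the identity provider's tokens somewhere the bot will never see them.
is_bot_redirect_uri() {
  case "$1" in
    "$BOT_REDIRECT_URI") return 0 ;;
    *) return 1 ;;
  esac
}

configure_bot_oauth() {
  : "${RESOURCE_GROUP:?set RESOURCE_GROUP}" "${BOT_NAME:?set BOT_NAME}"
  app_name="${APP_NAME:-bot-identity-provider}"        # placeholder name
  connection="${CONNECTION_NAME:-GraphConnection}"     # placeholder connection name
  is_bot_redirect_uri "$BOT_REDIRECT_URI"

  tenant_id=$(az account show --query tenantId -o tsv)

  # 1. Separate app registration acting as identity provider, with the bot redirect URI.
  app_id=$(az ad app create --display-name "$app_name" \
             --sign-in-audience AzureADMyOrg \
             --web-redirect-uris "$BOT_REDIRECT_URI" \
             --query appId -o tsv)

  # 2. Delegated Microsoft Graph permission (User.Read). Admin consent, if the
  #    tenant requires it, is a separate step not covered here.
  az ad app permission add --id "$app_id" --api "$GRAPH_API_ID" \
     --api-permissions "$(delegated_permission_spec "$USER_READ_SCOPE_ID")"

  # 3. Client secret with a bounded lifetime, captured in a variable, never echoed.
  secret=$(az ad app credential reset --id "$app_id" --append --years 1 \
             --query password -o tsv)

  # 4. Register the OAuth connection on the bot; Azure stores the secret for the bot.
  az bot authsetting create --resource-group "$RESOURCE_GROUP" --name "$BOT_NAME" \
     --setting-name "$connection" --service Aadv2 \
     --client-id "$app_id" --client-secret "$secret" \
     --provider-scope-string "User.Read" \
     --parameters tenantID="$tenant_id" >/dev/null
  unset secret
  echo "Connection '$connection' registered on bot '$BOT_NAME' with app $app_id"
}

# Nothing touches Azure unless explicitly asked.
if [ "${APPLY:-0}" = "1" ]; then
  configure_bot_oauth
fi
```

Usage: `APPLY=1 RESOURCE_GROUP=my-rg BOT_NAME=my-bot sh configure-bot-oauth.sh`, then use the portal's Test Connection on the new entry as the answer shows. Rotate the secret by re-running step 3 and `az bot authsetting` before the one-year expiry; the bot's own UAMI is unaffected by any of this.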