Bot V3 Forbidden

[albhardy]

Following code works locally, but I kept receiving "403 Forbidden" message after I deployed the code on Azure web apps. I'm pretty sure I've configured MICROSOFT_APP_ID and MICROSOFT_APP_PASSWORD in Azure Application Settings correctly (including restarting the server). Am I missing something here?

var restify = require('restify');
var builder = require('botbuilder');

//=========================================================
// Bot Setup
//=========================================================

// Setup Restify Server
var server = restify.createServer();
server.listen(process.env.port || process.env.PORT || 3978, function () {
   console.log('%s listening to %s', server.name, server.url); 
});

// Create chat bot
var connector = new builder.ChatConnector({
    MicrosoftAppId: process.env.MICROSOFT_APP_ID,
    MicrosoftAppPassword: process.env.MICROSOFT_APP_PASSWORD
});


var bot = new builder.UniversalBot(connector);
server.post('/api/messages', connector.listen());

//=========================================================
// Bots Dialogs
//=========================================================

bot.dialog('/', function (session) {
    session.send("Hello World");
});

[AmineI]

This should work, I guess :

var connector = new builder.ChatConnector({
appId: process.env.MICROSOFT_APP_ID,
appPassword: process.env.MICROSOFT_APP_PASSWORD
});

Hope it helps anyway :) !
(+ blaahblahhblaahh GitHub is for reporting issues and you can seek help in stackoverflow for example)

[OR13]

@albhardy There are some relevant known issues:

Here’s a list of the known issues and workarounds in the latest release.

Emulator doesn’t work when configured with the bots appId & appPassword There’s an issue currently that’s preventing the emulator from being able to talk to the bot when security is enabled. We’ll have a patch for this soon but in the meantime you need to make sure that when you’re using the emulator you don’t set the App ID or App Password and on the bot side don’t configure the ChatConnector with an appId or appPasword either. This will disable security on both sides and the emulator should work. When you deploy your bot you’ll need to put teh appId & appPassword back in otherwise the bot won’t work deployed. If you’d like to test your bots security locally you can use ngrok to run your bot locally behind a proxy.

if you are upgrading, you may need to switch to an endpoint with https.

Consider letsencrypt + ngrok for local testing, I've found the Emulator to be pretty broken, but its unclear to me if thats just me not getting the new version.

I suspect the implementation of this new secrete has required https, and ChatConnector is refusing to authenticate with your appId and appPassword in plain text, if you figure out how to get it working let me know ; )

[albhardy]

Thanks for the reply - The reason I updated AppId into MicrosoftAppId is because of similar issue in SO: http://stackoverflow.com/questions/38278975/bot-framework-v3-unauthorized and I'm aware issue of Emulator v3.

However, I post the issue is because I could not get "Test Connection to my Bot" in https://dev.botframework.com/ working after I push my code into Azure Apps and used https connection. I'm not sure what else to look out for. The deployment is successful - I could actually get static page displayed by using following code:

// Serve a static web page
server.get(/.*/, restify.serveStatic({
    'directory': '.',
    'default': 'index.html'
}));

[albhardy]

Apparently appId and appPassword are correct keys - I manage to (briefly) obtain following:

But, pressing test again will result in

I'm kinda stuck here because Bot Framework registration by default insists on V3 (No longer allow V1) - but deploying V3 just result in this single Forbidden error. Not sure if this is framework issue or the way I deploy on Azure apps is wrong (I just use Deployment Source and set the Env variables)

[albhardy]

It might be Framework issue as reported in #631 - I could confirm that the bot is working on Telegram Channel but not on Skype

[Stevenic]

@albhardy the correct fields you should be setting are appId and appPassword. It's true that your bot won't work against the emulator when you do that (it's an issue with the Node SDK not the emulator) but you should be able to get your bot working locally via ngrok.

[xumx]

Can confirm there is a bug somewhere upstream.

I've set up the environment on localhost ngrok
and used appId and appPassword, and successfully got back an access_token.

When testing connection to the bot using the web UI (as albhardy screenshot), it randomly switches between "Accepted" and "Forbidden"

I clicked it around 10 times, gets around 4 "Forbidden".

There might be a load balancer somewhere that is directing requests to servers that rejects the access_token.

it is not a problem with the SDK

[albhardy]

I started to suspect that the issue comes from Azure webapps - The code works using ngrok, but stops suddenly whenever I use Azure webapps endpoint.

[yuyuvn]

EC2 also have this issue. Nothing happen when test with ngrok.

[DirkSonguer]

I'm also having similar issues. However when trying our different things, I noticed the following:

When the app is hosted on a shared Azure instance (F1 Free or D1 Shared), then the channels randomly can't connect and I get "ERROR: ChatConnector: receive - invalid token. Check bots app ID & Password." from my bot app (node). I also get random Forbidden / Accepted from the test button.

When I scale up to a B1 Basic or above, everything works fine.

So if you're running into the connection issue, check what kind of instance you're running on and try scaling up.

[oztheozoz]

I just opened an issue this morning that is related to this. I am linking it here because I believe it may provide a reason for why this is occurring #742

[dandriscoll]

This should be fixed in 3.1.1.