Oauth Login stopped working in Teams(This action can't be performed since the app does not exist or has been uninstalled.)

[shrutinehra]

Describe the bug

SSO is not working.

Version

2.0.0

Browser

Teams

OS

• macOS
• Windows

To Reproduce

Steps to reproduce the behavior:

Deploy or preview using developer portal

Expected behavior

Show the pop up for log in and get token

Screenshots

Additional context

[anishprasad01]

Hi @shrutinehra,

I need a bit more info from you before I can begin to investigate this issue.

• What are your development system's OS and CPU model?
• What type of bot is this, C# or Node?
• What version of Teams are you running?
• Is this the Teams app, or in a browser?
• I need more details to attempt a reproduction. What else is this bot doing? Are you just trying to login to teams and that's it?
• Did you follow any specific samples when implementing this?
• Any other relevant info about your implementation that might help?

[shrutinehra]

What are your development system's OS and CPU models? Windows 10

What type of bot is this, C# or Node? C#

What version of Teams are you running? both web app of teams and teams app

Is this the Teams app, or in a browser? Both.. SSO works in a direct line but not in teams. It does not work in Teams browser application as wells as teams app

I need more details to attempt a reproduction. What else is this bot doing? Are you just trying to login to teams and that's it?
Bot is trying to do many things but first step as a company policy is to attempt SSO to authenticate.

Did you follow any specific samples when implementing this? https://docs.microsoft.com/en-us/composer/how-to-use-oauth?tabs=v2x

Any other relevant info about your implementation that might help? sometimes it works and sometimes it does not

[anishprasad01]

I was able to reproduce this issue. I will attempt to see if any workarounds or solutions already exist.

[anishprasad01]

@clearab,

Do you happen to know if this is a known Teams issue or implementation pitfall? It doesn't appear to affect other channels.

[clearab]

I haven't heard anything

• is the app actually installed using an app package? (not just sending a proactive message and/or talking to the bot by ID)
• is the AAD app or bot registration getting re-used between a bunch of apps (common in the dev/test cycle)?
• is there anything consistent about when it repro's? particular type of user maybe?
• Is there anything consistent about when it works successfully?

[anishprasad01]

Ah, I didn't install it as an app package, so perhaps that's the issue. I will try that and attempt to repro again.

[anishprasad01]

Can confirm I can repro.

• Tested with a bot installed with an app package in Teams and published in Azure
• Unique bot registration in a RG created just for this test.

@shrutinehra, Could you please provide more details as per Andrew's questions?

[z0h3]

@anishprasad01
Have the same problem on Ubuntu 20.04, Teams version 1.4.00.26453 amd64. I checked both web and app versions. In web version I don't have the error, but nothing happens after clicking on sign-in button. My bot was registered in AppStudio. I'm using Azure Active Directory V2 Identity Provider for OAuth for web app. I have only Teams channel.
I checked connection via "Test connection" feature in Azure for OAuthProvider and it works correctly. (Test Connection to 'test_microsoft_teams_temp' Succeeded)

      <PackageReference Include="Microsoft.Bot.Builder" Version="4.15.0" />
      <PackageReference Include="Microsoft.Bot.Builder.Dialogs" Version="4.15.0" />
      <PackageReference Include="Microsoft.Bot.Builder.Integration.AspNet.Core" Version="4.15.0" />
      <PackageReference Include="Microsoft.Graph" Version="4.11.0" />

I tried to use OAuthPrompt from Microsoft.Bot.Builder.Dialogs:

type AuthenticationDialog(connectionName) =
    inherit ComponentDialog(nameof(AuthenticationDialog))
    do
        base.AddDialog(OAuthPrompt(
                nameof(OAuthPrompt),
                OAuthPromptSettings(
                    ConnectionName = connectionName,
                    Text = "Please Sign In",
                    Title = "Sign In",
                    Timeout = 300000,
                    EndOnInvalidMessage = true
                )
            )) |> ignore
        
        base.InitialDialogId <- nameof(OAuthPrompt)

And I tried to use just OAuthCard:

  let client = turnContext.TurnState.Get<UserTokenClient>()
  let! signInResp = client.GetSignInResourceAsync(connectionName, turnContext.Activity :?> Activity, null, ct)
  let oauthCard =
      OAuthCard("Please auth!",
                connectionName,
                List([|CardAction(ActionTypes.Signin, "Auth", text="Auth text", value=signInResp.SignInLink)|]))
  oauthCard.TokenExchangeResource <- signInResp.TokenExchangeResource

  let authMessage = MessageFactory.Attachment(
                      Attachment(ContentType = OAuthCard.ContentType,
                                 Content = oauthCard))
  log.LogInformation $"{JObject.FromObject(signInResp)}"
  let! _ = turnContext.SendActivityAsync(authMessage, ct)

I'm sending a sign-in action in OnMessageActivityAsync method in TeamsActivityHandler as reply for any message from an user.

From the last snippet, I logged and copied the auth link from signInResp and opened it in a browser. A tab in the browser just was closed.

UPD:
These videos helped me to solve the problem:
https://www.youtube.com/watch?v=ovPr1XCS9wc
https://www.youtube.com/watch?v=Kt2I7B96aa4

[shrutinehra]

is the app actually installed using an app package? (not just sending a proactive message and/or talking to the bot by ID) I tried with both directly talking to bot by Id and by installing it. Same problem

is the AAD app or bot registration getting re-used between a bunch of apps (common in the dev/test cycle)? No

is there anything consistent about when it repro's? particular type of user maybe? No.. It's happening for every user.

Is there anything consistent about when it works successfully? leaving the bot for a day after installing it did work once for me but not for other users.

[nikhsr]

If you happen to be using Microsoft AD then in your teams manifest try adding the following two as a valid domain:
token.botframework.com
login.microsoftonline.com

@shrutinehra

[shrutinehra]

@nikhsr I already have those in the manifest but still, the issue is there.

[anishprasad01]

@nikhsr: Does it work for you when you do this?

@shrutinehra: Is this a new bot, or an existing bot that you then added SSO to?

[WueF]

As mentioned in issue, I have same issue in my bot.

Framework version used: 4.15.0
.NET 6.0

Issue is not relevant to whether bot is accessed by App package or accessed directly via URL.

OAuth card displays this error both in Teams app and in web browser. In web browser I didn't notice any network movement after clicking "Sign in" button, so in my understanding no event is even emited to bot back. Looks like OAuth card is not working at all displaying error.

I have production environment with Framework 4.9.3 and .NET Core 3.1, and OAuth card there works as expected, so issue possibly is somewhere in upgrade of Bot Framework or .NET.

[shrutinehra]

@anishprasad01 It's a new bot.

[WueF]

@anishprasad01 Can you share any info so far, do you have any potential findings or estimations for this issue?

[anishprasad01]

Nothing concrete as of yet. Our investigation thus far has revealed that it doesn't seem to affect all bots, and it's not necessarily tied to the code. I tried re-deploying a bot that had this issue to a new resource, and it operated correctly. It doesn't seem to affect other channels as far as I can see, so it seems confirmed that this is localized to Teams.

We'll keep looking into it, and I will hopefully have more for you as people more familiar with the Teams side of things return from the holiday break.

[nikhsr]

@nikhsr: Does it work for you when you do this?

@shrutinehra: Is this a new bot, or an existing bot that you then added SSO to?

That worked for me. It was an existing bot where I added SSO.
Is your issue still there @shrutinehra ?

[shrutinehra]

it's resolved.... with the published app it worked fine.

[cagrimunyas]

I also have this issue. The Azure app registration has both client ids used for Microsoft Teams Clients (Desktop & mobile clients + Web Clients) yet in browser client (on chrome) , teams raises this same error.

[jasmine-bae]

I also have the same issue (Windows OS, Teams Client Desktop) , however it's not as concrete. On my client (using Teams to deploy with the manifest file), it works fine. 1/2 my users have this same error as above, and the other have of my users are able to get a browser login prompt with error code 53000: "The current browser is not supported, please use Microsoft Edge, Internet Explorer..." Any help is appreciated to debug this.

EDIT: Some users were able to solve this problem by restarting Teams a few times (2+ times) after manually checking for updates. Not sure if this is a Teams issue or a Bot Framework issue.