TypeScript Virtual assistant and Skill
TypeScript
The following error is thrown when attempting authentication
Error: DialogContext.beginDialog(): A dialog with an id of 'AuthPrompt' wasn't found.
at WaterfallStepContext.
at Generator.next (
at D:\home\site\wwwroot\node_modules\botbuilder-dialogs\lib\dialogContext.js:7:71
at new Promise (
at __awaiter (D:\home\site\wwwroot\node_modules\botbuilder-dialogs\lib\dialogContext.js:3:12)
at WaterfallStepContext.beginDialog (D:\home\site\wwwroot\node_modules\botbuilder-dialogs\lib\dialogContext.js:119:16)
at MultiProviderAuthDialog.firstStep (D:\home\site\wwwroot\node_modules\bot-solutions\lib\authentication\multiProviderAuthDialog.js:75:34)
at WaterfallDialog.
at Generator.next (
at D:\home\site\wwwroot\node_modules\botbuilder-dialogs\lib\waterfallDialog.js:7:71
Deploy virtual Assistant and skill. Enable the MultiProviderAuthDialog in the skill
Use the authentication dialog to authenticate with Azure Active Directory v2
Receive login card to sign in
Error: DialogContext.beginDialog(): A dialog with an id of 'AuthPrompt' wasn't found.
at WaterfallStepContext.
at Generator.next (
at D:\home\site\wwwroot\node_modules\botbuilder-dialogs\lib\dialogContext.js:7:71
at new Promise (
at __awaiter (D:\home\site\wwwroot\node_modules\botbuilder-dialogs\lib\dialogContext.js:3:12)
at WaterfallStepContext.beginDialog (D:\home\site\wwwroot\node_modules\botbuilder-dialogs\lib\dialogContext.js:119:16)
at MultiProviderAuthDialog.firstStep (D:\home\site\wwwroot\node_modules\bot-solutions\lib\authentication\multiProviderAuthDialog.js:75:34)
at WaterfallDialog.
at Generator.next (
at D:\home\site\wwwroot\node_modules\botbuilder-dialogs\lib\waterfallDialog.js:7:71
Thanks @tomSauret847 for reporting this issue! As soon as we have any update, we will back to you 😊.
Hi @tomSauret847 - sorry about the delay. We have successfully reproduced the issue using the TypeScript Skill following these steps:
OAuthPromptSettings
array to the MultiProviderAuthDialog
constructorappsettings.oauthConnections
to the properties of botSettings
AADv2
connectionAADv2
connection to the registration in AzureAs soon as we have any update, we will back to you 😊.
Hi @tomSauret847 - we have fixed this issue in this commit.
This was actually a problem in the bot-solutions
library, and we have scheduled the fix to be released with the version 1.0 of the library.
In the meantime, if you want a way to test the fix for yourself, you can follow these steps:
npm install
to install its dependencies.npm run build
to build the solution.npm pack
to generate a .tgz
file. It should create a file at the same location, named bot-solutions-version.tgz"bot-solutions": "^1.0.0"
to "bot-solutions": "<PATH_TO_TGZ>"
We will be attentive to your replies 😊.
Thank you for looking into this @Batta32 I am still receiving an error on this process. The error is
Error: Could not find Connection Setting with name {connection name}
I am setting it up the connection as outlined here for setting up the SSO for a skill.
Do we still need to have a authentication connection in each skill with the typescript skills?
Or can we use the single SSO like it is outlined for the C# skills?
If I add the connection on the skill I will get the sign in prompt as you did but I will not receive the token back after completing the log in. If you could clarify if we are needing to setup a single connection in the VA or if we need to setup connections in each of the skills that require authentication.
Thanks @tomSauret847 for your reply. As soon as we have any update, we will back to you 😊!
Hi @tomSauret847 - we have successfully reproduced the issue. It's because the name
property in oauthConnections
of the appsettings.json
differs to the connectionName
property in the OAuthPromptSettings
you are using.
We will continue reviewing this and analyzing the questions you have mentioned above. As soon as we have any update, we will back to you 😊.
The steps we followed to reproduce the issue were:
name
property in oauthConnections
of the appsettings.json
differs to the connectionName
property in the OAuthPromptSettings
you are using_When connectionName and name are different, the issue is reproduced_
_Issue reproduced_
Hi @tomSauret847
Do we still need to have a authentication connection in each skill with the typescript skills?
You need to have an authentication connection in each TypeScript Skill until the version 1.0 of TypeScript Skill is released.
Or can we use the single SSO like it is outlined for the C# skills?
SSO for TypeScript can't be used as it is outlined for the C# Skills since the version 1.0 of TypeScript is not released yet.
Let us know if these helps you 😊.
@tomSauret847 - the error Error: Could not find Connection Setting with name {connection name}
is because the name
property in oauthConnections
of the appsettings
differs to the connectionName
property in the OAuthPromptSettings
you are using.
To solve this, you have to check that both properties are equal.
For more information, you can check the comment of above.
Thank you @Batta32 for looking into this. I can confirm that if I create a connection property on the skill I can get the login prompt. Your comment has brought up another question. We are getting ready to move into testing with our new VA and after that into production. The question I have,
Is this fix for the authentication going to be published to NPM before the 1.0 release?
For our production environment we will need published NPM packages so we would need this fix to be published before we can move this VA into production. I will be attentive to your answer.
@tomSauret847 - Thanks for your reply! We are adding these fixes in the PRs of TypeScript version 1.0:
[TypeScript][Bot-Solutions] Implement changes in Bot-Solutions to 1.0 release
[TypeScript][Virtual Assistant] Implement changes in Virtual Assistant to 1.0 release
[TypeScript][Skill] Implement changes in Skill to 1.0 release
We will inform you as soon as we have any update on this. Meanwhile, we are working on validating the Authentication process in TypeScript.
@tomSauret847 - we identified another issue that the Skill State variable was _undefined_ during the Authentication process.
We took as a guide the PR #3561 which sets a default value for the Skill State accessor that we incorporated in this commit.
After applying these changes, the authentication process correctly works. This issue will be fixed as soon as the TypeScript v1.0 is merged.
This is our environment using this branch: feature/southworks/test-fix-auth-skill
:
In the meantime, if you want a way to test the fix for yourself, you can follow these steps:
npm install
to install its dependencies.npm run build
to build the solution.npm pack
to generate a .tgz file. It should create a file at the same location, named bot-solutions-version.tgz"bot-solutions": "^1.0.0"
to "bot-solutions": "<PATH_TO_TGZ>"
npm install
to install its dependencies.npm run build
to build the solution.We're attentive to your answer. 😊
_SkillState variable getting an undefined value_
_Authentication process correctly working_
Thank you again @Batta32! I did use the 1.0 package for the testing. I still need to keep a connection setting in the skill, but I am able to get the authentication to work. I was able to see where the VA is receiving the token response and forwarding that to the skill to process.
@Batta32 We have setup authentication in 2 of our skills and it is working good in the Teams channel. The direct line channel is not getting past the authentication prompt. The skill is not receiving the token back after successful login. This issue is only present in our direct line channel. We are using the sample direct line client that was provided and enabled the enhanced authentication options so we do not enter the "Magic code". It worked before adding the enhanced authentication but after adding this feature the skill is no longer receiving the token response back. If we cancel out of the skill and go back into that dialog the token will be present and we can complete the dialog. Let me know if you have any thoughts on what might be causing this.
Thanks @tomSauret847, we will be reviewing that scenario and we will back to you as soon as we can!
Just to start to review the scenario:
Thank you again @Batta32 for looking into this. We are using the direct line sample from the botbuilder-solutions repo located here
The "magic code" is explained some in this stack overflow question here
It is just the code the bot user is required to copy and paste back into the conversation after successfully authenticating. By implementing the enhanced authentication it removes this step for the bot user so they only need to authenticate and the conversation moves forward as the token is passed back to the bot behind the scenes.
Thanks a lot @tomSauret847, we will be reviewing this and we will let you know any update here 😊!
Hi @tomSauret847, we could not reproduce this issue as we have the authentication scenario correctly working.
We came up with some questions for you:
This is the setup we've been using:
{
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"AllowedHosts": "*",
"BotName": "skillbot-name",
"DirectLineSecret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"EnableDirectLineEnhancedAuthentication": true,
"SpeechServiceRegionIdentifier": "",
"SpeechServiceSubscriptionKey": ""
}
The steps we followed are:
We will be attentive to your answer.
Thank you @matiasroldan6 for looking into this. To answer your questions
We do have the user ID set to "dl_xxxx" in the direct line client
We have the Azure AD v2 authentication in the connection on the Skill and VA
We have the appsettings.json of the direct line client set the same as you have above
We are unable to use the direct line channel on the skill and only use it on the VA
We are able to use Authentication in the Teams channel with the only issue is the dialog messages are out of order. It is failing to send the first stepContext.context.sendActivity('message') until a minute later in the conversion. This only happens on dialogs that have authentication include in them and in the Teams channel only.
We are using the bot-solutions 1.0 that is located here
Please let me know if you need anymore information on the skill and VA
Hi @tomSauret847, we could reproduce an occurrence of this issue.
In our scenario, the problem were the trusted origins addresses set in the Directline channel. For instance, the Directline popup states that the trusted origins need to be _https_, or _http_ for _localhost_. This would explain Directline as the only channel that's failing for you.
To check in case this is also your problem, can you try to set as trusted origins:
Your bot address (either https://xxxxx.azurewebsites.net or https://xxxx.ngrok.io if you are debugging locally)
Your localhost if you need it, as http://localhost
The setting to reproduce this was:
Our repro steps were:
Please let us know if this is of any help. We'll be attentive to your responses.
Thank you @matiasroldan6 for looking into this. The settings you show above are the same as we are using. We removed the localhost route and just have the bot address in the trusted origins for the direct line channel (https://xxxxx.azurewebsites.net). The skill is still unresponsive after the sign in prompt and if we cancel the conversation and invoke the skill again it will have the token and continue the dialog. We are still unable to get the skill to receive the token after the user signs in.
Thanks for your reply @tomSauret847 - we will keep working on this trying to find the fix for this issue 😊.
We have questions in order to understand how you are using the azurewebsites.net
endpoint taking into account the version 1.0 of bot-solutions (PR #3583):
Messaging endpoint
of your published Web App Bot (Virtual Assistant)?.tgz
package of the library. Is this correct?Thank you @Batta32
Thanks @tomSauret847, we will continue reviewing this issue with this new information that you provided! As soon as we have any update, we will back to you 😊.
Hi @tomSauret847, we successfully reproduced an occurrence of this issue.
One thing we noticed from your previous responses is that you're using your bot URL as a trusted origin.
According to this comment, and this documentation, you should have the URL of your chat client.
Our setup was:
Steps:
We will continue reviewing this issue as we confirmed and as you mentioned, that in Microsoft Teams and Emulator this is working.
Hi @tomSauret847, we successfully executed the authentication process using Enhanced Authentication.
We came up with some questions so you can check in our side:
<WEB_APP_BOT_NAME>
with the name of your bot resource? Check if you have the node_modules
, lib
, and the rest of the folders.This is our environment:
We followed these steps:
.tgz
file on both samples"bot-solutions": ".//TGZ//bot-solutions-1.0.0.tgz"
of the botsdeploy.ps1
publish.ps1
scriptrun sample dialog
Last but not least, we confirmed the same steps using C# bots and checked that is correctly working too.
We will be attentive to your reply 😊
_Configuration of the Enhanced Authentication_
_Successful communication using Enhanced Authentication and TypeScript bots_
_Successful communication using Enhanced Authentication and C# bots_
Thank you @VictorGrycuk. Sorry for the late response we needed to setup a testing instance to verify the fix. We have been able to get the authentication to work in the test instance and have narrowed down where the issue is.
For our instance of the VA /Skills we have them behind a app gateway with a firewall. It appears this is the reason the enhanced authentication is not working. When we implement this on a VA and skill outside of that configuration it is working properly. the app gateway places another host in the mix and we are thinking this is what is blocking the token. So we have the following question,
Is there a way to get the enhanced authentication to work with a bot behind an App Gateway?
Great @tomSauret847! We will do a research and some tests in order to review a way to get the enhanced authentication working with a bot behind an App Gateway.
As soon as we have any update for this, we will let you know here 😊.
Hi @tomSauret847, we did a little research, and we came up with some questions.
We will be attentive to your answer 🙂
Thank you for responding @VictorGrycuk here is the answers to our questions,
We are testing with the bots deployed to Azure. We are unable to create a tunnel to test locally.
Yes we are using a Azure application gateway with a WAF as outlined in your link
These are TypeScript bots (VA and 2 Skills with authentication) we are only using 1 C# skill to get around the synchronous loop issue and it has no authentication in it.
Hi @tomSauret847, sorry for the delay - we think it should be possible to use Enhanced Authentication with an Azure App Gateway having the bots behind it.
A couple of additional questions:
Components:
Configuration:
We will be working on replicating this scenario.
Thank you @VictorGrycuk The answers to your questions are
Can you connect to the Virtual Assistant with an emulator using the Gateway's public IP? In our testing we confirmed that this is possible
Can you connect and communicate with a skill through the VA without enhanced communication?
Hi @tomSauret847, we can confirm that Enhanced Authentication does work with the bots behind an Azure Application Gateway.
We created the PR #3694 that includes a new documentation on how to configure an Azure Application Gateway with a deployed bot.
We did our test by following these steps:
As this seems a configuration issue of the Azure Application Gateway, I suggest you to ask in https://stackoverflow.com/questions/tagged/botframework for suggestions; and if you are okay, we can close this issue 🙂.
Thank you @VictorGrycuk We will work through the information that you posted. I did notice already that this link is broken.
Thanks @tomSauret847, that link will lead to Configuring a Gateway's health probe with a TypeScript bot (as well as this image) once the documents are merged into master
branch, as the documentation uses {{site.baseurl}}
to generate the URLs.
@peterinnesmsft - we can close the issue due to inactivity. @tomSauret847 if you are still experiencing issues, feel free to reactivate and we can pick this up again, or create a new issue!
Also, if you have any question, please ask in https://stackoverflow.com/questions/tagged/botframework.
The entire authentication process will be solved as soon as the following PRs are merged for TypeScript version 1.0:
[TypeScript][Bot-Solutions] Implement changes in Bot-Solutions to 1.0 release
[TypeScript][Virtual Assistant] Implement changes in Virtual Assistant to 1.0 release
[TypeScript][Skill] Implement changes in Skill to 1.0 release
Thank you @Batta32 for your assistance on this. We are having to put this section on hold for the moment so I will close this issue and reopen it if we have issues when we pick it back up again.
@Batta32 We have a quick question on this issue. Is the SSO for typescript available yet? We found the issue is our skills are behind a firewall and are unable to receive the token response. When we pass the VA's credentials in it is not forwarding the token to the skill it is just restarting the conversation. If SSO for typescript is not available when do you expect it to be? Thank you for all your help on this issue.
Hi @tomSauret847, SSO is not available for TypeScript currently as it's introduced in 1.0 version. The PRs of TypeScript version 1.0 should be approved and merged in order to release a new version with that feature.
We will let you know as soon as we have any update 😊.
Most helpful comment
Thank you again @Batta32! I did use the 1.0 package for the testing. I still need to keep a connection setting in the skill, but I am able to get the authentication to work. I was able to see where the VA is receiving the token response and forwarding that to the skill to process.