[Dev support] [JS]: OAuth consent flow not working with regional bot service #2186

Open
Benjiiim opened this issue Nov 15, 2024 · 4 comments
Labels
dev support Dev support tracking

Comments


Benjiiim commented Nov 15, 2024

Question

With Teams AI Library, how do I configure OAuth auth with a multi-tenant regional bot service to make the user consent flow work?

Code snippets

// Values from https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=userassigned%2Caadv2%2Ccsharp#prepare-the-bot-code and https://github.com/microsoft/botbuilder-js/issues/4418

import {
    ConfigurationBotFrameworkAuthenticationOptions,
    ConfigurationServiceClientCredentialFactory
} from 'botbuilder';
import { TeamsAdapter } from '@microsoft/teams-ai';

// Bot Framework authentication options pointing the OAuth endpoints at the regional (Europe) bot service
const botFrameworkAuthConfig: ConfigurationBotFrameworkAuthenticationOptions = {
    BotOpenIdMetadata: "https://login.botframework.com/v1/.well-known/openidconfiguration",
    ValidateAuthority: true,
    OAuthApiEndpoint: "https://europe.api.botframework.com",
    OAuthUrl: "https://europe.api.botframework.com",
    ToChannelFromBotOAuthScope: "https://api.botframework.com",
    ToBotFromChannelOpenIdMetadataUrl: "https://login.botframework.com/v1/.well-known/openidconfiguration",
    ToBotFromEmulatorOpenIdMetadataUrl: "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration",
    ToBotFromChannelTokenIssuer: "https://api.botframework.com",
    ToChannelFromBotLoginUrl: "https://login.microsoftonline.com/botframework.com",
    CallerId: "urn:botframework:azure"
};

// Adapter built with the regional auth config and the multi-tenant app credentials
const adapter = new TeamsAdapter(
    botFrameworkAuthConfig,
    new ConfigurationServiceClientCredentialFactory({
        MicrosoftAppId: process.env.BOT_ID,
        MicrosoftAppPassword: process.env.BOT_PASSWORD,
        MicrosoftAppType: 'MultiTenant'
    })
);

Reproduction steps

- Start from the JS b.oauth-bot sample in the 1.6.1 release.
- In the azurebot.bicep file, replace the three 'global' values with 'westeurope'.
- In the index.ts file, replace the TeamsAdapter instantiation code with the code above.
- Run the app in a local environment (registering the app in Entra ID, deploying the regional Bot Service in Azure and running the code locally).
- In Teams, send a message to the bot.
- Wait for the consent banner to appear and click on "Continue".

Expected result

The consent dialog should open to allow the user to grant consent to the requested permission (User.Read).

Result

The consent banner disappears but the consent window never appears.

Additional notes

If admin consent has already been granted for this tenant before, the authentication flow works fine with the above config (user consent flow not needed).

Please note that the user consent flow in Teams works well when running the sample with no modification (global configuration of the bot service bicep file and with an empty object passed in the TeamsAdapter constructor for the botFrameworkAuthConfig property).

@Benjiiim Benjiiim added the dev support Dev support tracking label Nov 15, 2024

Nivedipa-MSFT commented Nov 18, 2024

@Benjiiim - Thank you for your inquiry about your Teams app development issue! Could you please provide the sample link you are using so that we can test it on our end?

@Nivedipa-MSFT

@Benjiiim - Could you kindly share the sample link you are testing, so we can investigate it on our end?

@Benjiiim
Contributor Author

@Nivedipa-MSFT > b.oauth-bot


Nivedipa-MSFT commented Nov 20, 2024

@Benjiiim - Thank you for your patience! We were able to reproduce the issue in the Web Teams version 1415/24110115713. We have reported this as a bug for further investigation.

We will keep you updated as soon as we receive further information. Thank you for bringing this to our attention!
