Single sign on for skills

APPLIES TO: Composer v2.x

This article shows how to use the single sign-on (SSO) feature for skills. To do so, it uses a consumer bot, also known as a root bot, to interact with a skill bot.

SSO lets users sign in once to the root bot, without having to sign in separately to each skill bot they use through the root bot. An OAuth input prompt within a skill is allowed to access shared resources on behalf of the root bot's Microsoft Entra ID OAuth connection through a token exchange process. In this example, the token exchange is processed through the Bot.Builder.Community.Components.TokenExchangeSkillHandler package installed within the root bot.

Important

Skill single sign on in Composer is a technical process that involves many steps such as setting up the Microsoft Entra ID applications and configuring Azure resources. A high level of technical proficiency will be necessary to execute this process.

Prerequisites

Add the TokenExchangeSkillHandler package

Your skill and root bot Microsoft Entra ID applications must be configured for OAuth token exchange, and the bots must be configured with the correct OAuth input connection settings.

  1. Open your root bot project.

  2. Add the Bot.Builder.Community.Components.TokenExchangeSkillHandler package to the root bot through the Composer Package manager.

    The token exchange skill handler in the package manager.

Configure the TokenExchangeSkillHandler in the root bot

Once the package is installed, you need to configure your root bot.

  1. Go to the Configure view for your root bot.

  2. Switch to the Advanced Settings View (json).

  3. Make sure the component is added to the components array. For example:

    "components": [
        {
            "name": "Bot.Builder.Community.Components.TokenExchangeSkillHandler",
            "settingsPrefix": "Bot.Builder.Community.Components.TokenExchangeSkillHandler"
        }
    ],
    
  4. To the root of the bot's JSON object, add configuration information for the token exchange handler:

    "Bot.Builder.Community.Components.TokenExchangeSkillHandler": {
        "useTokenExchangeSkillHandler": true,
        "tokenExchangeConnectionName": "YourTokenExchangeConnectionName"
    },
    
  5. Republish your root bot.

Now, your root bot can share its OAuth token with the skill.
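A check for steps 3 and 4 that can be run before republishing, added here as an example (it is not code from Composer or from the package). It takes the parsed settings JSON. The page does not say where the components array sits, so the search is recursive. The names check_settings and find_component are hypothetical, and runtimeSettings and RootSsoConnection in the sample are constructed.

```python
import json

PKG = "Bot.Builder.Community.Components.TokenExchangeSkillHandler"
PLACEHOLDER = "YourTokenExchangeConnectionName"

def find_component(node):
    """Depth-first search for the handler's entry in any 'components' array."""
    if isinstance(node, dict):
        comps = node.get("components")
        if isinstance(comps, list):
            for c in comps:
                if isinstance(c, dict) and c.get("name") == PKG:
                    return c
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_component(child)
            if found is not None:
                return found
    return None

def check_settings(settings):
    """Return a list of problems; an empty list means steps 3 and 4 look complete."""
    entry = find_component(settings)
    if entry is None:
        return [f"step 3: {PKG} is not in any 'components' array"]
    # Assumption: the handler reads the root-level object named by settingsPrefix,
    # as in the page's example where the prefix equals the package name.
    prefix = entry.get("settingsPrefix")
    section = settings.get(prefix) if isinstance(prefix, str) else None
    if not isinstance(section, dict):
        return [f"step 4: no object named {prefix!r} at the root of the settings"]
    problems = []
    if section.get("useTokenExchangeSkillHandler") is not True:
        problems.append("step 4: 'useTokenExchangeSkillHandler' is not true")
    name = section.get("tokenExchangeConnectionName")
    if not isinstance(name, str) or not name.strip():
        problems.append("step 4: 'tokenExchangeConnectionName' is missing or empty")
    elif name == PLACEHOLDER:
        problems.append("step 4: 'tokenExchangeConnectionName' is still the placeholder")
    return problems

# Constructed sample: the handler block was pasted next to "components", not at the root.
SAMPLE = json.loads("""{"runtimeSettings": {
  "components": [{"name": "%s", "settingsPrefix": "%s"}],
  "%s": {"useTokenExchangeSkillHandler": true,
         "tokenExchangeConnectionName": "RootSsoConnection"}}}""" % (PKG, PKG, PKG))

if __name__ == "__main__":
    print(check_settings(SAMPLE) or "ok")
```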

Further reading