MS Teams client & Rasa & Azure authentication

Hello!

We have a setup where we have Microsoft Teams as a client for our bot. Bot itself run in a Docker container setup. So far we have been able to setup everything to we get nice (?) replies as Microsoft AdaptiveCards from Rasa.

Now we should figure out how we can get user credential information from Microsoft Teams into the Rasa custom actions? We would like to get username, email and list of Active Directory groups user belongs into. Is this possible?

Thanks in advance!

BR,

Timo

I am also working on the same thing. Please ensure that you have given proper API permission in Azure for the botframework app, as shown below (add/remove permission based on your requirements):

Follow the documentation Get Team's specific context for your bot - Teams | Microsoft Docs to get the required details.

You can either fetch the details in your custom action before calling your other APIs or set the fetched MS Teams credential information as slot values at the beginning of chat (e.g., greet intent) to avoid redundant info calls from MS Teams.

The other and bit smarter way of doing it would be to customize the rasa botframework connector and implement the fetching and persisting of the credential information from MS Teams at the initiation of the conversation.

1 Like

Thanks Niraj for your reply! This pointed my into the right direction and I can get now the basic user info. It seems that from this teams specific data API I can’t read user’s AD groups? We have idea that access is granted based on to which AD groups user belongs to, instead reinventing groups within our Rasa setup…

You can probably use List members - Microsoft Graph v1.0 | Microsoft Docs to get the AD groups. I haven’t tried it yet, but if this doesn’t work, some other Microsoft Graph API should definitely help.

@Timo Would you mind sharing your implementation of getting the basic user info?

Did you end up getting the user details in the bot framework connector code or in the actions? I am picking this up after a while and wanted to see how you approached it.

Thanks in advance!

1 Like

Yes, work is still in progress but I can share what I have done. It seems that without admin consent for Azure AD for my application it is not possible to find out groups for an AD user. Even the logged in user can’t get the groups he/she belongs to. You need always some level of admin rights. So, current plan is that we will implement group functionality into Rasa by ourselves when that functionality will be requested from us. Currently we have modified versio of botframework.py where we gather users msteams discussion information like discussion id etc. We are storing that into the database. We get also user email address from Windows Graph and we use that as a unique key for a user. I got just functionality ready where we have some timed bot commands for a user, ie cron in the rasa container is sending message on behalf of the user to Rasa and reply goes into the chat discussion in ms teams. I’m not sure what kind of functionality for RBAC is available in Rasa Enterprise??

Hello, I have a similar issue (a wider explanation is in a separate post here) but I don’t need the data from AD at all - the only thing I need is Teams user’s email address and according to what @nchauras said it’s possible with Teams API. My problem is I cannot figure out how to get turnContext in my custom action so I don’t know how to use those methods from MS documentation you linked above. Could you share more details about how to retrieve it, please?

Hi @nchauras - is there a way to get user email without making changes to botframework.py

@mohan If you have conversation_id, you can refer to my get_email method in MSTeamsHelper (refer to attached gist below) to call MSTeams API and fetch the user email.

The following are the links to my custom botframework connector and MSTeams helper:

MSTeamsHelper.py

botframework.py

2 Likes

@nchauras - I tried implementing this but the get_email method is returning an object. What I’m doing wrong.

MSTeams(tracker).get_email()

<coroutine object MSTeams.get_email at 0x0000029C89A33B40>