AAD认证直接线小组,禁用安全代码 [英] AAD Authentication Directline & Teams, Disable Security Code
问题描述
我希望让用户在Teams和Directline(在网页上呈现)的v4僵尸程序中进行身份验证,并尽可能减少用户交互.我的代码基于MS BOT示例Github:BotAuthenticationMSGraph,除了配置设置外,没有任何更改.
I would like to have users authenticated in a v4 bot in both Teams and Directline (rendered on webpage) with as little user interaction as possible. My code is based on MS BOT Samples Github: BotAuthenticationMSGraph and has not changed at all besides configuration settings.
现在,该直线会弹出一个额外的选项卡,如果需要的话,还会显示用户名/密码登录,并始终显示六位数字的代码供用户复制/粘贴到聊天窗口中.这样就完成了身份验证.
Right now, the directline pops up an extra tab, if needed presents username/password signin, and always presents six digit code for the user to copy/paste into the chat window. This completes authentication.
目前,在团队中,除了输入凭据(如果需要)之后,弹出窗口随后关闭,然后才能看到代码的问题外,其他操作是相同的.但是,如果我在浏览器中手动完成该过程,则将代码成功粘贴到团队中即可成功完成登录.
Right now, on teams, the operation is the same aside from a problem where after entering credentials (if needed), the popup then closes before the code can be seen. However, if I complete the process manually in a browser, pasting the code into teams successfully completes the signin.
如何禁用对六位数代码的需求?此外,如果有人知道可以阻止团队登录弹出窗口提前关闭的修复程序,请告诉我.
How can I disable the need for a six digit code? Additionally, if anyone knows a fix to prevent the teams signin popup from closing early let me know.
推荐答案
You can make use of OAuthCards for authentication in Microsoft Teams.
https://github.com/Microsoft/BotFramework-WebChat/issues/1001#issuecomment-434530463 是一种涉及网络聊天的解决方案,该解决方案可与AAD一起使用,并且不需要任何魔术代码.
https://github.com/Microsoft/BotFramework-WebChat/issues/1001#issuecomment-434530463 is a solution which involves webchat which works with AAD and no magic code.
https://github.com/Microsoft/BotBuilder/issues/4632#issuecomment-441957719 (请参阅此处的@compulim的评论,他是Web Chat的开发人员,并指定了消除魔术代码流的步骤).
https://github.com/Microsoft/BotBuilder/issues/4632#issuecomment-441957719( refer to @compulim's comment here, who is the developer of Web Chat and has specified the steps to eliminate the magic code flow).
此外,此说明了更安全的机制,用户无需处理任何魔术代码".另外,如果您的浏览器设置为阻止第三方Cookie,它将再次回到魔术代码流.
Additionally, this explains about the mechanism that’s both more secure and users do not need to deal with any "magic code". Also, If your browser is set to block 3rd party cookies, it will again fall back to the magic code flow.
关于您有关团队登录弹出窗口提前关闭的最后一个问题,请参考此涉及类似问题的GitHub问题.
With regards to your last question about the teams signin popup closing early, refer to this GitHub issue which deals with a similar issue.
希望这会有所帮助.
这篇关于AAD认证直接线小组,禁用安全代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
