I was able to authenticate users against AD v2 (Graph), but Azure DevOps isn't part of the Graph API, so I need to authenticate the users against Azure DevOps directly.
On the DevOps new app registration:
When I tried to set the Authorization callback URL to https://token.botframework.com/.auth/web/redirect I got an error saying the URL is already used (bug?). I've set it to https://token.botframework.com/.auth/web///redirect and it was accepted.
Now I have:
- App ID
- App secret
- Client Secret
- Authorize URL
- Access Token URL
- Authorized Scopes
On the Azure Bot connection setting I chose Generic Oauth 2 and set the following (used this page):
- Client Id: <DevOps app's app id>
- Client secret: <DevOps app's client secret>
- Authorization URL: <DevOps app's Authorize URL>
- Token URL: <DevOps app's Access Token URL>
- Refresh URL: <DevOps app's Authorize URL> (wrong?)
- Scopes: <DevOps app's Authorized Scopes>
Now as I hit 'Test Connection' I get 400 BAD REQUEST with:
Exception of type 'Microsoft.VisualStudio.Services.Web.Profile.Controllers.DelegatedAuthorizationException' was thrown.
Any ideas?
Update: Looks like it's indeed the callback issue. Azure DevOps won't accept an existing callback URL (I've opened a bug and it was closed by them). The Bot Framework guys are still looking into this; if they generate a per-bot URL (as they should), it will probably solve the issue.