I am building a bot using Microsoft Botbuilder for Microsoft Teams. I have read about authentication, but the examples all authenticate (AFAIK) the end user onto the bot. What I want is the bot authenticating itself using a custom AD account specific for the bot. This bot will connect to Teams, a O365 group calendar, and possibly other Microsoft products.
How is something like this achieved? I couldn't find any examples whatsoever that does this, is it even possible?
As of now, the Azure Bot Service and v4 SDK has authentication capabilities to make it easier to authenticate users to various identity providers such as GitHub, Azure AD, Uber, etc. Whenever you register a bot in Azure, it gets assigned an Azure AD app. However, this app secures channel-to-bot access. You need an additional AAD app for each application that you want the bot to be able to authenticate on behalf of the user.
The Azure Bot Service also allows you to configure authentication for a custom OAuth2 identity provider. This enables you to write one piece of authentication code that works across all supported identity providers and channels. For your above requirement, you can make use of the end user authentication. It is generally not advisable to just allow a bot to do tasks for unauthorized users and the Azure Bot Service does not have a mechanism supported for the bot to authenticate itself.
Hope this helps.
