I am using Microsoft Teams and want to schedule meetings with a bot created with the Microsoft Bot Framework. I wondered why I have to use authentication in Teams to access MS Graph for example https://docs.microsoft.com/en-us/azure/bot-service/bot-builder-tutorial-authentication because I am already signed in via the Teams application, or not?
Can anyone help me with this?
"You" in this case means two things: "You the user of Teams" and "You the developer of the Bot". For a "regular" user those two are separate things. As a result, yes, the USER is signed into TEAMS, but they haven't given (i.e. delegated to) YOUR BOT the rights (i.e. the authorisation) to connect to other services (even the Microsoft Graph) on his/her behalf. That's the part you need to deal with by sending a "signin" card.
If the opposite were true, and by simply connecting to your bot, the user was automatically giving it rights to access ANYTHING on his/her behalf, it would be a HUGE security risk.
In order to make calls to Graph API, your bot needs to get the permissions required to make that call and you do authentication to give those permissions to the app.
Picking up the signin details from Teams application and not asking for signin to app specifically, is called as Single-Sign On(SSO).When you implement SSO for Bot, you will not ask user to signin to the app, you just need to provide consent to the app. This feature is currently available in developer preview and is only available for Teams tabs. We are currently working on implementing this in bots, but we do not have an ETA for that.
