I'm implementing an MS Teams chat bot using the Microsoft Bot Framework, and I need to send direct messages between users on behalf of the logged-in user. I self-hosted the MS Bot service. Scenario: A Teams user selects a list of other Teams users from an Adaptive Card sent by bot. When they click "Complete" , the bot should initiate direct chat messages between the logined user and the unchecked users. For ex: The logined user send "Sorry, you are not selected this time." message to other user in private chat. This requires delegated permissions , meaning the API call must be made on behalf of the logged-in user . Challenge: MS Graph requires a delegated access token to send messages on behalf of the user. My research suggests that we need to present another Adaptive Card prompting the user to log in, so the bot can obtain the token. However, this creates a poor user experience , as the user is already authenticated in MS Teams. Question: Can we retrieve the access token silently (SSO) when the user clicks "Complete" , without requiring an additional login prompt? If so, how can we securely obtain the token in the bot's source code and use it to call the MS Graph API for sending messages?

How to silently obtain a delegated permission access token from a user while chatting with a bot in MS Teams?

Koala Huynh 25

I'm implementing an MS Teams chat bot using the Microsoft Bot Framework, and I need to send direct messages between users on behalf of the logged-in user. I self-hosted the MS Bot service.

Scenario:

Challenge:

Question:

How to silently obtain a delegated permission access token from a user while chatting with a bot in MS Teams?

Your answer