Skip to content

ikhemissi/local-teams-bot-python-sample

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

LocalBot

Generating a certificate

https://learn.microsoft.com/en-us/entra/msal/python/advanced/client-credentials#client-credentials-with-certificate

Generating a certificate valid for 2 years:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 730 -nodes -subj "/C=FR/L=Paris/O=Example/CN=myproject.teamsapp"

Getting the fingerprint:

openssl x509 -in cert.pem -noout -sha256 -fingerprint

Creating a PEM-ended certificate with both private and public key:

cat cert.pem key.pem > user.pem

Creating the App registration and bot service

Before running the commands below, please make sure that you have a cert.pem file on the root of the projet (generated in the previous step).

azd auth login
azd provision

Running the Teams bot locally

Setting the config

Set environment variables:

MicrosoftAppId=APP_REGISTRATION_CLIENT_ID
MicrosoftAppTenantId=AZURE_TENANT_ID
MicrosoftAppCertificateThumbprint=FINGERPRINT_OF_CERT_DOT_PEM
MicrosoftAppCertificatePrivateKey=CONTENTS_OF_KEY_DOT_PEM

Update the src/teams-app/config.py file and make sure the following variables point to the private certificate:

  • APP_CERTIFICATE_PRIVATE_KEY: contents of the pem-encoded private key in text format
  • APP_CERTIFICATE_PRIVATE_KEY_BINARY: contents of the pem-encoded private key + public key in binary format

Running the bot

Run the application:

cd src/teams-app
python3 app.py

Public exposure

The bot must be publicly reachable. For testing purposes, if you do not have a public IP, you can use a dev tunnel using the command:

devtunnel host -p 3978 --allow-anonymous

You can find more details about dev tunnels in the Get started guide.

Updating the messaging endpoint of the bot

Lastly, you need to update the url of the Messaging endpoint of the bot in the Configuration blade of your Bot service resource.

With a devtunnel, the url will look like https://__DEVTUNNEL_SLUG__.uks1.devtunnels.ms/api/messages.

Using the bot

Testing the bot

To quickly test the bot, you can leverage the Test in Web Chat blade of your Bot service resource. Alternatively, you can use the m365agentsplayground by following the local testing guide.

App manifest

To distribute the Teams app to other users in the tenant, you will need to create a package holding the App manifest and the required icons at least.

To get started quickly, please update the files in the directory appManifest mainly with your App ID and then zip the contents with the following command (the zip must not have folders, it should directly contain the files):

zip appManifest.zip manifest.json outline.png color.png

You should now share this package with your Teams administrator so that they can install the App and make it available to others in the organization.

Permissions

This Teams app requires Graph API permissions in order to fetch previous messages in the conversation, mainly for Group chats and Team channels.

As configured right now, this will require an admin approval to grant these permissions in the App registration in Entra ID.

If this feature is not needed, then you can remove the extra required permissions (for the Graph API) in order to require less permissions for the Teams app.

Roadmap

  • A Teams app deployed locally with certicates and with access to Graph API
  • Handle pagination with Graph API
  • Use delegated permissions instead of Application permissions to access Graph API
  • Migrate to M365 Agents SDK

About

An example of a Teams app which can run anywhere. It uses a SingleTenant App Reg, certificates for authentication, uses Graph API for advanced scenarios, and required resources are deployed with Terraform.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors