This post describes the background of the Profit.co Teams bot implementation, which uses the MS Graph API, and the scope it requests.
Installation & Authentication Process
Install the Profit.co bot from the app store.
Please refer to "How to install Profit.co bot on MS Teams".
Once the bot is installed, the bot has to be authenticated with your Profit.co account. This process links your Profit.co bot with your Profit.co account. To perform this step, just enter “login” in the bot.
This opens a panel to log in:
Here, we have two ways to authenticate with your Profit.co account.
- Use your Profit.co username and password.
- Simply click “Office 365” to authenticate with Profit.co through OAuth2 (SSO). You can use your Office 365 credentials to log in.
Here, Profit.co is asking for your permission to sign you in and to use your profile information. The exact MS Teams scope name that is requested here is:
email openid profile User.Read
Using this scope, Profit.co gets:
- Email address of the logged in user
- Tenant id
- Access & refresh tokens
These will be used to push the message from your Profit.co cloud application to the bot.
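An added example (not Profit.co's code) for a tenant admin reviewing this consent: it compares the scopes in an OAuth2 token response with the four listed above and reports the tenant id, email and refresh token the response carries. The response shape is the standard OAuth2/OpenID Connect one; the sample tokens, tenant id, address and the extra Mail.Read scope are constructed for illustration.

```python
import base64
import json

# Scope set the page says the bot requests at sign-in.
DOCUMENTED_SCOPES = {"email", "openid", "profile", "User.Read"}
GRAPH_PREFIX = "https://graph.microsoft.com/"

def b64url_json(obj):
    """Encode a dict as an unpadded base64url JWT segment (builds the sample)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token_response(resp):
    """Compare granted scopes with the documented set and list what is held."""
    granted = set()
    for s in resp.get("scope", "").split():
        # Graph scopes may come back fully qualified; strip the resource prefix.
        granted.add(s[len(GRAPH_PREFIX):] if s.startswith(GRAPH_PREFIX) else s)
    # Assumption of this example: scope names are compared case-insensitively.
    documented = {s.lower() for s in DOCUMENTED_SCOPES}
    claims = jwt_claims(resp["id_token"]) if "id_token" in resp else {}
    return {
        "extra_scopes": sorted(s for s in granted if s.lower() not in documented),
        "tenant_id": claims.get("tid"),
        "email": claims.get("email") or claims.get("preferred_username"),
        "refresh_token_held": "refresh_token" in resp,
    }

# Constructed sample: unsigned token, placeholder tenant id and address.
SAMPLE_ID_TOKEN = ".".join([
    b64url_json({"alg": "none"}),
    b64url_json({"tid": "00000000-0000-0000-0000-000000000000",
                 "email": "user@example.com"}),
    "",
])
SAMPLE_RESPONSE = {
    "scope": "openid profile email https://graph.microsoft.com/User.Read Mail.Read",
    "access_token": "constructed-access-token",
    "refresh_token": "constructed-refresh-token",
    "id_token": SAMPLE_ID_TOKEN,
}

if __name__ == "__main__":
    print(json.dumps(audit_token_response(SAMPLE_RESPONSE), indent=2))
```

A non-empty `extra_scopes` list means the grant is wider than the scope this page documents and is worth reviewing in the tenant's consent settings.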
Messaging between Profit.co & MS Teams
- Whenever a message needs to be delivered to a user, the access token will be used to post the message to the bot with the MS Graph API. This access token expires periodically; the default is 90 days, but this can be changed by the admin.
- When the access token expires, we’ll use the refresh token to generate a new access token.
- Tenant id is used to identify the account where the data has to be posted.
- These tokens and the tenant id will be persisted in Profit.co, to be used in the messaging calls that push data to the bot through the Microsoft Graph APIs.
Please refer to the doc for further details about the tokens.