Building a Teams Bot with AI Capabilities - Part 4 - Receiver Lambda for OAuth2 Tokens and State
aka, I don't want to authenticate to SSO each time I send you a message
This blog series focuses on presenting complex DevOps projects as simple and approachable via plain language and lots of pictures. You can do it!
This article is part of a series of articles, because 1 article would be absolutely massive.
Part 3: Delegated Permissions and Making Lambda Stateful for Oauth2
Part 4 (this article): Building the Receiver lambda to store tokens and state
Hey all!
In the series so far we've registered an App Registration (permissions), an Azure Bot (Teams back-end Bot infra and link to permissions), and built a bot in the Teams Developer Portal (register name in Teams App). We also talked about how we'll be building this Teams app with Delegated access tokens exclusively, which means we'll need to establish some state for the tokens and conversations.
The use cases for storing those two things are very different:
Storing Conversations - We only have one function URL, so we need some routing - on first contact, we'll push a "Card" to Teams to send users to the SSO login portal, and when the OAuth2 token is pushed to us, we'll do our AI stuff. Since the first instance has shut down and discarded state, we'll need to store the first contact payload to resume it when we have the token on second run!
Storing Tokens - Since our app is stateless, once we receive the token and run, the lambda shuts off and we lose the token. If we store it for next run, users don't need to provide a token on each run!
We'll go over this in more depth as we walk through the code.
If you don't care about the walk-through, and would rather just skip to the codebase, we'll be walking through this Receiver lambda code:
github.com/KyMidd/TeamsAIBot/blob/master/lambda/src/receiver.py
We'll have one lambda handle several different logic paths:
- Teams event inbound, we don't have a token (or token is expired)
  - Build "Card", push to user
  - Store Conversations for pickup when token received
  - Direct them to SSO so they can authorize an OAuth2 token for us
- Teams event inbound, we have a token
  - Build payload, pass to Worker
- OAuth2 token inbound
  - Store token
  - Find resumed Conversation and build payload around it
  - Pass to Worker
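A sketch of the three paths above, added here as an illustration and not taken from the linked receiver.py. The in-memory dicts, the function names, the 600-second pending window, and the use of a random `state` value to tie a stored conversation to the later token callback are all assumptions; `user_id` in the callback is assumed to come from the already-validated token.

```python
import secrets
import time

# Assumption: in-memory dicts stand in for whatever persistent store the lambda uses.
PENDING = {}       # state -> (user_id, original Teams event, deadline)
TOKENS = {}        # user_id -> (access_token, expires_at)
PENDING_TTL = 600  # assumed: seconds a stored conversation may wait for sign-in


def valid_token(user_id, now):
    """Return the stored token if present and unexpired, else None."""
    entry = TOKENS.get(user_id)
    if entry is None or entry[1] <= now:
        TOKENS.pop(user_id, None)  # drop expired tokens instead of keeping them
        return None
    return entry[0]


def on_teams_event(event, now=None):
    """Paths 1 and 2: a Teams message arrives, with or without a usable token."""
    now = time.time() if now is None else now
    user_id = event["from_id"]
    token = valid_token(user_id, now)
    if token:
        return {"action": "worker", "event": event, "token": token}
    state = secrets.token_urlsafe(32)  # unguessable correlation key for the card
    PENDING[state] = (user_id, event, now + PENDING_TTL)
    return {"action": "card", "state": state}


def on_oauth_callback(state, user_id, access_token, expires_in, now=None):
    """Path 3: a token arrives; resume only the conversation this state names."""
    now = time.time() if now is None else now
    pending = PENDING.pop(state, None)  # pop makes each state single-use
    if pending is None:
        return {"action": "reject", "reason": "unknown_state"}
    owner, event, deadline = pending
    if now > deadline:
        return {"action": "reject", "reason": "expired_state"}
    if owner != user_id:  # token must belong to the user who started the chat
        return {"action": "reject", "reason": "user_mismatch"}
    TOKENS[user_id] = (access_token, now + expires_in)
    return {"action": "worker", "event": event, "token": access_token}
```

The rejects are the part worth copying: a callback with an unknown, replayed, stale, or wrong-user `state` never stores a token and never resumes a conversation.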
Let's talk about the first one first (as it should be).