I have implemented a Teams bot and am authenticating it using managed identity, but I am getting the error below:
Tried to get token using Managed Service Identity. Access token could not be acquired. Received a non-retryable error. MSI ResponseCode: BadRequest, Response: {"error":"invalid_request","error_description":"Identity not found"}
at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.GetAuthResultAsyncImpl(String resource, String authority, Boolean forceRefresh, CancellationToken cancellationToken)
at Microsoft.Bot.Connector.Authentication.ManagedIdentityAuthenticator.AcquireTokenAsync(Boolean forceRefresh)
at Microsoft.Bot.Connector.Authentication.Retry.Run[TResult](Func`1 task, Func`3 retryExceptionHandler)
I have created a managed identity for the bot and used that identity while creating the Azure bot. I have the bot code deployed on an AKS (Kubernetes) cluster, and I added the owner role to the bot's managed identity in AKS.
Based on the documentation, the connector service will take care of generating the token based on the values provided in appsettings.deve.json.
What is the possible issue here?
2 Answers
You can follow the steps mentioned in the "Use managed identities on a virtual machine to acquire access token – Azure AD" document.
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/managed-identities-azure-resources/how-to-use-vm-token.md
Error Message:
From your error message, it looks like your Bot’s user-assigned managed identity can’t be found. From the documentation, can you make sure that when you created the Azure AD identity provider, the App Registration you created is in the same tenant as your Bot service?
Note: You’ll also need to make sure you assigned the Application (client) ID and the Client secret, when you create the connection string and register the identity provider with the bot registration. For more info – Register the Azure AD identity provider with the bot.
I hope this helps!
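The token request from the VM document linked in the first answer can be reproduced from inside the pod to see whether the identity is attached to the host at all. This is an added example, not code from the thread or the Bot Framework SDK; it assumes the pod can reach the node's IMDS endpoint, that the bot token resource is `https://api.botframework.com`, and the function names and the client ID placeholder are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# IMDS token endpoint and api-version used for managed identity on Azure VMs.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"


def build_request(client_id, resource="https://api.botframework.com"):
    """Build the IMDS token request for a user-assigned identity (resource is an assumption)."""
    query = urllib.parse.urlencode(
        {"api-version": API_VERSION, "resource": resource, "client_id": client_id}
    )
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})


def diagnose(status, body):
    """Map an IMDS status code and body to a likely cause."""
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None
    if not isinstance(payload, dict):
        return f"HTTP {status}: unexpected response, IMDS may be proxied or blocked"
    if status == 200 and "access_token" in payload:
        return "ok: the identity is assigned to this host and a token was issued"
    desc = payload.get("error_description", "")
    if status == 400 and "Identity not found" in desc:
        return ("identity not found: the client_id is not assigned to the VM/VMSS "
                "this process runs on, or the client_id value is wrong")
    return f"HTTP {status}: {payload.get('error', 'unknown')}: {desc}"


def probe(client_id, timeout=5):
    """Send the request from inside the pod or node and diagnose the reply."""
    try:
        with urllib.request.urlopen(build_request(client_id), timeout=timeout) as resp:
            return diagnose(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a JSON body
        return diagnose(err.code, err.read().decode())
    except OSError as err:  # includes URLError and timeouts
        return f"IMDS unreachable: {err}"


if __name__ == "__main__":
    # Constructed placeholder; replace with the bot identity's client ID.
    print(probe("00000000-0000-0000-0000-000000000000"))
```

A role assignment on the identity does not attach it to the compute resource, so a 400 "Identity not found" here points at the assignment to the AKS node pool rather than at the bot configuration.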