Feature Request
Including @cwhitten and @darrenj.
Is your feature request related to a problem? Please describe.
The current SSO sample handles the most flexible case of SSO, hybrid conversation with anonymous and authenticated chats.
For Intranet scenario, we could simplify it by forcing the end-user to authenticate before a conversation can be started (or, before the end-user land on the page).
Describe the suggestion or request in detail
- Simplifies the current SSO sample
- Detects whether we have a valid OAuth access token
- If yes, continue and send it to the bot on start
- If no, redirect the user to OAuth provider
- When the user land on the page, they must be authenticated
- On conversation start, we will send the bot the OAuth access token
Describe alternatives you have considered
- Using IIS authentication
- Using refresh token to eliminate popups
- Because of the privilege granted by refresh token, it need to be handled in a very secure way (only servers are allowed to store the token, browsers should not store the token)
- This will negate the simplicity of the sample
[Enhancement]
Feature Request
Is your feature request related to a problem? Please describe.
The current SSO sample handles the most flexible case of SSO, hybrid conversation with anonymous and authenticated chats.
For Intranet scenario, we could simplify it by forcing the end-user to authenticate before a conversation can be started (or, before the end-user land on the page).
Describe the suggestion or request in detail
Describe alternatives you have considered
[Enhancement]