Share via

Azure Bot Framework Authentication Failure

Joost Vagevuur | Barney Media 0 Reputation points
2025-12-01T06:58:37.2366667+00:00

We are facing an issue where the Azure Bot Framework Service cannot authenticate using our App Registration, even though the App Registration and Enterprise Application exist in the tenant.

Main Issue

The Bot Service immediately returns: Unauthorized before any OAuth, token request, MSAL flow, or Graph API call happens. This means the failure occurs inside Bot Framework authentication, not during user authentication.

Details App Registration exists Enterprise Application was created after admin consent App ID and Secret are correct Tenant ID is correct Admin consent has been granted Bot Service is connected to the same App ID But the Bot Framework still cannot sign in using this App Registration.

Question

Why is the Bot Framework Service unable to authenticate the bot using the correct App ID + Secret in our tenant?

What tenant configuration or Bot Framework requirement could cause this persistent Unauthorized response, even after consent and setup?

We need help understanding why the Bot Service itself cannot authenticate, so we can proceed with SSO and Teams integration.

Full Error 2025-12-01T06:22:22.0361467Z INFO:merford-bot:HTTP POST /api/messages (channelId=webchat) 2025-12-01T06:22:23.9897581Z INFO:merford-bot:RX activity: type=conversationUpdate name=None channel=webchat convId=83Z3xUQKNLc2gbTcntkKXP-eu svc=https://webchat.botframework.com/ 2025-12-01T06:22:25.4667663Z INFO:merford-bot:get_user_token exception: Operation returned an invalid status code 'Unauthorized'

2025-12-01T06:22:25.9760126Z ERROR:merford-bot:Exception in /api/messages: Operation returned an invalid status code 'Unauthorized'

2025-12-01T06:22:25.9760679Z Traceback (most recent call last):

2025-12-01T06:22:25.9760703Z File "/tmp/8de2e7823e842e6/bot.py", line 530, in messages

2025-12-01T06:22:25.9760729Z asyncio.run(_proc())

2025-12-01T06:22:25.9760745Z File "/opt/python/3.11.14/lib/python3.11/asyncio/runners.py", line 190, in run

2025-12-01T06:22:25.9760759Z return runner.run(main)

2025-12-01T06:22:25.9760773Z ^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9760889Z File "/opt/python/3.11.14/lib/python3.11/asyncio/runners.py", line 118, in run

2025-12-01T06:22:25.9760904Z return self._loop.run_until_complete(task)

2025-12-01T06:22:25.9760919Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9760937Z File "/opt/python/3.11.14/lib/python3.11/asyncio/base_events.py", line 654, in run_until_complete

2025-12-01T06:22:25.9760951Z return future.result()

2025-12-01T06:22:25.9760964Z ^^^^^^^^^^^^^^^

2025-12-01T06:22:25.976098Z File "/tmp/8de2e7823e842e6/bot.py", line 528, in _proc

2025-12-01T06:22:25.9760997Z return await adapter.process_activity(activity, auth_hdr, handle_activity)

2025-12-01T06:22:25.9761013Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9761032Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/bot_framework_adapter.py", line 445, in process_activity

2025-12-01T06:22:25.9761066Z return await self.process_activity_with_identity(activity, identity, logic)

2025-12-01T06:22:25.9761084Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9761105Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/bot_framework_adapter.py", line 487, in process_activity_with_identity

2025-12-01T06:22:25.9761119Z await self.run_pipeline(context, logic)

2025-12-01T06:22:25.9761139Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/bot_adapter.py", line 181, in run_pipeline

2025-12-01T06:22:25.9761152Z raise error

2025-12-01T06:22:25.976117Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/bot_adapter.py", line 174, in run_pipeline

2025-12-01T06:22:25.9761186Z return await self._middleware.receive_activity_with_status(

2025-12-01T06:22:25.9761201Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9761221Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/middleware_set.py", line 69, in receive_activity_with_status

2025-12-01T06:22:25.9761252Z return await self.receive_activity_internal(context, callback)

2025-12-01T06:22:25.9761268Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9761286Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/middleware_set.py", line 79, in receive_activity_internal

2025-12-01T06:22:25.9761301Z return await callback(context)

2025-12-01T06:22:25.9761315Z ^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.976133Z File "/tmp/8de2e7823e842e6/bot.py", line 304, in handle_activity

2025-12-01T06:22:25.9761373Z await turn_context.send_activity("👋 Hi! Please sign in to continue.")

2025-12-01T06:22:25.9761394Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/turn_context.py", line 174, in send_activity

2025-12-01T06:22:25.976141Z result = await self.send_activities([activity_or_text])

2025-12-01T06:22:25.9761442Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9761461Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/turn_context.py", line 226, in send_activities

2025-12-01T06:22:25.9761478Z return await self._emit(self._on_send_activities, output, logic())

2025-12-01T06:22:25.9761493Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9761512Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/turn_context.py", line 304, in _emit

2025-12-01T06:22:25.9761525Z return await logic

2025-12-01T06:22:25.9761539Z ^^^^^^^^^^^

2025-12-01T06:22:25.9761557Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/turn_context.py", line 221, in logic

2025-12-01T06:22:25.9761573Z responses = await self.adapter.send_activities(self, output)

2025-12-01T06:22:25.9761588Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9761621Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/bot_framework_adapter.py", line 728, in send_activities

2025-12-01T06:22:25.9761635Z raise error

2025-12-01T06:22:25.9761653Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botbuilder/core/bot_framework_adapter.py", line 718, in send_activities

2025-12-01T06:22:25.9761669Z response = await client.conversations.send_to_conversation(

2025-12-01T06:22:25.9761684Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2025-12-01T06:22:25.9761705Z File "/tmp/8de2e7823e842e6/antenv/lib/python3.11/site-packages/botframework/connector/aio/operations_async/_conversations_operations_async.py", line 260, in send_to_conversation

2025-12-01T06:22:25.976172Z raise models.ErrorResponseException(self._deserialize, response)

2025-12-01T06:22:25.9762062Z botbuilder.schema._models_py3.ErrorResponseException: Operation returned an invalid status code 'Unauthorized'

authentication code

bot config // only single tenant option i found

App registration // selected as muliti tanent

Azure AI Bot Service
Azure AI Bot Service
An Azure service that provides an integrated environment for bot development.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-01T06:58:49.18+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The issue you're experiencing with the Azure Bot Framework Service returning an "Unauthorized" response can stem from several potential misconfigurations or requirements not being met. Here are some factors to consider:

    1. App Registration Configuration: Ensure that your App Registration is correctly configured for the Bot Framework. This includes verifying that the App ID and Secret are correctly set in your bot's configuration. If the App Registration is set to single-tenant, it may restrict access to only users within that tenant. Make sure it is configured as a multi-tenant application if you intend to allow users from other tenants to access it.
    2. Service Principal: Check if a Service Principal has been created for your App Registration. If it does not exist, you may need to create one. This is crucial for the bot to authenticate properly within the Azure environment.
    3. Admin Consent: Although you mentioned that admin consent has been granted, it's important to verify that the consent includes all necessary permissions for the bot to operate correctly. Sometimes, specific API permissions may require explicit consent.
    4. Token Endpoint Configuration: Ensure that the bot is correctly configured to use the appropriate token endpoint. The Bot Framework typically interacts with the Microsoft identity platform for authentication, and any misconfiguration here can lead to authentication failures.
    5. OAuth Scopes: Make sure that the OAuth scopes requested by your bot are correctly set up and that they align with the permissions granted in the App Registration.
    6. Testing on Localhost: If you're testing locally, ensure that the bot's endpoint is configured correctly in the Bot Framework Emulator, including the use of http instead of https for local testing.

    If you've checked all these configurations and the issue persists, consider reviewing the detailed logs for any specific error messages that could provide more insight into the authentication failure.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.