Botframework-sdk: Authorization for Microsoft App ID failed with status code Unauthorized and reason phrase 'Unauthorized'

hi @sogeg - can you provide more details about your issue?

Environment

• Operating System:
  
  
  
  • Windows
  
  
  • macOS
  
  
  • Linux
  
  
• SDK Platform:
  
  
  
  • C#/.NET
  
  
  • Node.js
  
  
• SDK version:
• Development environment:
  
  
  
  • localhost
  
  
  • Azure Web App
  
  
  • Azure Bot Service App
  
  
  • other
  
  
• If you are using the Node.js SDK:
  
  
  
  • Node.js version:
  
  
  • NPM version:
  
  

Issue

What the issue is, in broad strokes. Link to Stack Overflow post.

Example Code

The code snippet or complete bot example (preferred) that demonstrates the issue.

Steps to Reproduce

Please provide the shortest amount of steps to reproduce your issue.

Expected Behavior

What you expected to happen.

Actual Results

What actually happened. Please give examples and support it with screenshots, copied output or error messages.

Hello @nwhitmont thank you for your reply.
The Operating System is Windows 2012 R2,
SKD Platform C#, Version 3.5.5.0.

The Deployment Environment is Windows 2012 R2, IIS Server

Issue:
The issue is that I can send proactive message for only some hours after the message I receive from the user. After about 20H I get an Unauthorized exception. Am I doing something wrong, or is there a time window?

Step 1: I save conversation info after I receive a message from the user.

//[BotAuthentication] Decorates Class
public async Task<HttpResponseMessage> Post([FromBody]Activity activity)
{
      if (activity.Type == ActivityTypes.Message)
      {
             SkypeConversation skypeConversation = new SkypeConversation();
             skypeConversation.FromId = activity.From.Id;
             skypeConversation.FromName = activity.From.Name;
             skypeConversation.ConversationId = activity.Conversation.Id;
             skypeConversation.Exceptions = 0;
             skypeConversation.RecipientId = activity.Recipient.Id;
             skypeConversation.RecipientName = activity.Recipient.Name;
             skypeConversation.ServiceUrl = activity.ServiceUrl;
             //Entity Framework Save
            db.SkypeConversations.Add(skypeConversation);
            db.SaveChanges();
      }
}

Step 2: I use the SkypeConversation object to send a proactive message (bot triggered)

//[BotAuthentication] Decorates Class

public async Task SendMessage(SkypeConversation skypeConversation, String text, String locale = null)
        {
            try
            {
                String skypeText = text.Replace("\r\n", ", \n\n");

                var userAccount = new ChannelAccount(name: skypeConversation.FromName, id: skypeConversation.FromId);
                var botAccount = new ChannelAccount(name: skypeConversation.RecipientName, id: skypeConversation.RecipientId);

                var connector = new ConnectorClient(new Uri(skypeConversation.ServiceUrl));
                var conversationId = await connector.Conversations.CreateDirectConversationAsync(botAccount, userAccount); 
                IMessageActivity message = Activity.CreateMessageActivity();
                message.From = botAccount;
                message.Recipient = userAccount;
                message.Conversation = new ConversationAccount(id: conversationId.Id);
                message.Text = skypeText;
                message.ChannelId = "skype";
                if (locale == null)
                    message.Locale = "en-Us";
                else
                    message.Locale = locale;

                await connector.Conversations.SendToConversationAsync((Activity)message);
            }
            catch(Exception ex)
            {
            }
       }

In the first hours everything works fine. However after about 20H I get the following exception:

System.UnauthorizedAccessException: Authorization for Microsoft App ID 344dd93f-9056-4b47-9f21-28704ffabb87 failed with status code Unauthorized and reason phrase 'Unauthorized' ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized). at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() at Microsoft.Bot.Connector.JwtTokenRefresher.d__2.MoveNext() --- End of inner exception stack trace --- at Microsoft.Bot.Connector.JwtTokenRefresher.d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) at Microsoft.Bot.Connector.Conversations.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Bot.Connector.ConversationsExtensions.d__17.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() at EscapeAll.Skype.Utilities.d__0.MoveNext() in C:\Users\G\Documents\Visual Studio 2015\Projects\Esc\XXXX\Skype\Utilities.cs:line 25

What I expected was to continue to send messages as in the first 20Hours.

Thank you for your help :)

Maybe I need offline_access scope? I noticed that when I send a message to the skype account, everything works again

Proactively messages from another server is big problem

@sogeg are you still having this problem in the newest version of the SDK 3.8.1 at the time of writing this?

I am also having the same problem. I am on version 3.8.1 of the SDK.

I can repro the same behavior in the above case plus after every deploy (or restart) of my web application - I am on version 3.8.1 as well.

You need to add a call to
MicrosoftAppCredentials.TrustServiceUrl(serviceUrl);
This is done automatically when you are replying to a message, but not when using the ConnectorClient

@EricDahlvang Thanks!
MicrosoftAppCredentials.TrustServiceUrl(serviceUrl);
That seems to work. I have no issue after 48 hours after the first message.

Hi I am having the same problem. I have already used MicrosoftAppCredentials.TrustServiceUrl(serviceUrl);
It was working fine but after 7 hours it starts giving the same error

@sakshisa27 Please open a new issue, describing your problem in detail. This issue is closed.

MicrosoftAppCredentials.TrustServiceUrl(serviceUrl); did it for me
This needs to be documented somewhere since this is the first and only place I saw this info.
"Only" took me a few hours to find it... i'm sure others will struggle too.

MicrosoftAppCredentials.TrustServiceUrl(serviceUrl);
This also works for me as i was trying send message from my application to bot.
Thanks :)