What is the purpose of creating an AAD application? #11925

Closed
yunbozhang-msft opened this issue Jun 28, 2024 Discussed in #11924 · 7 comments
Labels
needs more info (Need user to provide more info); no recent activity (The issue labeled needs more info gets no reply from issue owner in time); *question (This is a user question. Will direct questions to StackOverflow); TA:Auth (Team Area: Auth)

Comments

yunbozhang-msft commented Jun 28, 2024

Discussed in #11924

Originally posted by yunbozhang-msft June 29, 2024
Hi team,

Since ClientSecret cannot be used and the only way to authenticate is through certificates, I would like to know what is the use of creating an AAD App here? Can it be deleted? Because I found that we already have botAadApp.

image

Thanks!

Contributor

Thank you for contacting us! Any issue or feedback from you is quite important to us. We will do our best to fully respond to your issue as soon as possible. Sometimes additional investigations may be needed; we will usually get back to you within 2 days by adding comments to this issue. Please stay tuned.

@microsoft-github-policy-service microsoft-github-policy-service bot added the needs attention This issue needs the attention of a contributor. label Jun 28, 2024
@adashen adashen added TA:Auth Team Area: Auth *question This is a user question. Will direct questions to StackOverflow labels Jul 1, 2024
@blackchoey
Contributor

@yunbozhang-msft In general, the app created by aadApp/create is used to acquire permission to call external APIs like Microsoft Graph API. And the app created by botAadApp/create is used to register a bot for your Teams app. The best practice is to use different AAD apps for the different purposes. So you can see the project creates 2 AAD apps. And you can't delete one of them if your bot app needs to call an external API protected by AAD.

Can you share which sample or template you're trying? I can share where the 2 AAD apps are used if you're interested.

@yunbozhang-msft
Author

Hi @blackchoey thanks for your help.
I refer to this sample: https://github.com/OfficeDev/Microsoft-Teams-Samples/blob/main/samples/bot-proactive-messaging-teamsfx/teamsapp.yml#L13

Actually, my question is: can I change to use a certificate in aadApp/create instead of a client secret? Thanks!

@blackchoey
Contributor

blackchoey commented Jul 1, 2024

@yunbozhang-msft It seems the app does not call external APIs. You could try to delete the aadApp/create action, remove the references to the produced environment variables in other actions, and try again.

As for using a certificate, you can absolutely use it to replace the client secret in your code.
The aadApp/create action currently does not support cert-related operations. Please obtain a cert from a trusted CA yourself and add it to the related AAD app. If you think TTK should automate the steps, please open a feature request issue in this repo and I can follow up with that.
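
How a certificate replaces the client secret in application code, shown as an added example that is not part of the original thread or of the Teams Toolkit code: the app signs a short-lived JWT with the certificate's private key and sends it as `client_assertion` in the client-credentials token request, so no shared secret is stored or transmitted. Assumptions: the RS256/`x5t` assertion layout, the placeholder tenant and client IDs, the Microsoft Graph `.default` scope, and a throwaway key pair with stand-in bytes where the real DER certificate uploaded to the AAD app would go.

```javascript
// Added example: certificate credential (signed JWT) used in place of client_secret.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// JWT sent as `client_assertion` (assumed layout: RS256, `x5t` = SHA-1 thumbprint of the cert DER).
function buildClientAssertion({ tenantId, clientId, certDer, privateKey, nowMs, lifetimeSec = 600 }) {
  const iat = Math.floor(nowMs / 1000);
  const header = {
    alg: 'RS256', typ: 'JWT',
    x5t: b64url(crypto.createHash('sha1').update(certDer).digest()),
  };
  const claims = {
    aud: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
    iss: clientId, // issuer and subject are both the app (client) ID
    sub: clientId,
    jti: crypto.randomUUID(), // unique per assertion, limits replay
    nbf: iat,
    exp: iat + lifetimeSec, // keep the assertion short-lived
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Client-credentials token request body: there is no client_secret field at all.
function tokenRequestBody(clientId, scope, assertion) {
  return new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    scope,
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}

// Constructed demo: throwaway key pair and placeholder bytes standing in for the certificate.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const tenantId = '00000000-0000-0000-0000-000000000000'; // placeholder
  const clientId = '11111111-1111-1111-1111-111111111111'; // placeholder
  const certDer = Buffer.from('constructed stand-in for DER certificate bytes');
  const jwt = buildClientAssertion({ tenantId, clientId, certDer, privateKey, nowMs: Date.now() });
  const [h, c, s] = jwt.split('.');
  const verified = crypto.verify('sha256', Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, 'base64url'));
  const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
  return { verified, header: decode(h), claims: decode(c),
    body: tokenRequestBody(clientId, 'https://graph.microsoft.com/.default', jwt) };
}
```

Authentication libraries such as MSAL build this assertion for you when configured with a certificate and its private key; the private key should live in a key store rather than in the project's environment files.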

@adashen adashen removed the needs attention This issue needs the attention of a contributor. label Jul 2, 2024
@blackchoey
Contributor

Created OfficeDev/Microsoft-Teams-Samples#1311 to update the sample. Please let us know if you have further questions.

@blackchoey blackchoey added the needs more info Need user to provide more info label Jul 2, 2024
Contributor

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

@microsoft-github-policy-service microsoft-github-policy-service bot added the no recent activity The issue labeled needs more info gets no reply from issue owner in time label Jul 10, 2024
Contributor

Due to lack of details for further investigation, we will archive the issue for now. In case you still have follow-up questions on this issue, please always feel free to reopen the issue by clicking the ‘reopen issue’ button below the comment box. We will get back to you as soon as possible.
