I'm trying to solve the task with passing the actor to the HttpPOST action from the card in Teams. So once user clicked on action I can use Inputs for getting user input and add it to the POST action this way:
{
"@type": "ActionCard",
"name": "Comment",
"inputs": [
{
"@type": "TextInput",
"id": "comment",
"isMultiline": true,
"title": "Input's title property"
}
],
"actions": [
{
"@type": "HttpPOST",
"name": "Action's name prop.",
"target": "https://yammer.com/comment?postId=123",
"body": "comment={{comment.value}}"
}
]
}
But I would like to add some user information (name, email, whatever).
Side Notes:
1. Connector posts the reply to the card after the success response from the HttpPOST action containing the actor name (so it looks promising):
2. Connector passes the
access_token
to the HttpPOST API endpoint which contains some information (sub, tid). But there is no any scopes so even I will found the correct userprofile
endpoint for STS I will not be able to call it
3. Based on the sample I was able to use the ActionableMessageTokenValidator
but the result is useless:
- shows the same sub
only (I saw in the token)
Related issue: https://github.com/OfficeDev/outlook-actionable-messages-csharp-token-validation/issues/9
I've investigated this with the Actionable Messages team, and this is a limitation of actionable messages received via connectors (either an mailbox/group connector, or a Teams connector).
The user that executed the action is represented by the sub
claim (the sender
has nothing to do with that). It's already documented that for connectors, sub
contains the object ID, not the email address.
The identity of the user who took the action. For Actionable Messages sent over email,
sub
would be the email address of the user. For connectors,sub
will be the objectID of the user who took the action.
This isn't planned to change. For Outlook, you can move to sending your actionable messages via email, and you'll get the sub
claim as an email address. For Teams, using a connector is the only option.
Regarding the sender
claim being null: this is also a limitation of the connector flow. The incoming webhook generates an email (or chat message for Teams), but it isn't really "sending" these messages. Because they aren't sent, the sender is never stamped on the message. The logic that determines the sender sees an empty value, so that's what gets put in the token. The easiest way to illustrate this is to look at the "from" field in Outlook for one of these messages, you'll see there's no
email address: