-description: Learn how to create new conversation threads, work on mentions, and send message on install. Explore Teams file upload sample (.NET, JavaScript, Python).

-Your bot can mention other users in messages posted into channels.

-#### Form completion feedback

-You can build form completion feedback using an Adaptive Card. Form completion message appears in Adaptive Cards while sending a response to the bot. The message can be of two types, error or success:

-* **Error**: When a response sent to the bot is unsuccessful, **Something went wrong, Try again** message appears.

- :::image type="content" source="../../../assets/images/Cards/error-message.png" alt-text="Error message"border="true":::

-* **Success**: When a response sent to the bot is successful, **Your response was sent to the app** message appears.

- :::image type="content" source="../../../assets/images/Cards/success.PNG" alt-text="Success message"border="true":::

- You can select **Close** or switch chat to dismiss the message.

- If you don't want to display the success message, set the attribute `hide` to `true` in the `msTeams` `feedback` property. Following is an example:

- ```json

- "content": {

- "type": "AdaptiveCard",

- "title": "Card with hidden footer messages",

- "version": "1.0",

- "actions": [

- {

- "type": "Action.Submit",

- "title": "Submit",

- "msTeams": {

- "feedback": {

- "hide": true

- }

- }

- }

- ]

- }

- ```

-For more information on cards and cards in bots, see [cards documentation](~/task-modules-and-cards/what-are-cards.md).

- :::column span="":::

- :::column-end:::

- :::column span="3":::

- :::image type="content" source="../../../assets/images/submission/teams-app-store-publish-process.png" alt-text="Teams app store publishing process" lightbox="../../../assets/images/submission/teams-app-store-publish-process.png":::

- :::column-end:::

- :::column span="":::

- :::column-end:::

- 1. Test and re-test your app:

- Review the [store validation guidelines specific to apps published with linked SaaS offers](~/concepts/deploy-and-publish/appsource/prepare/teams-store-validation-guidelines.md#apps-linked-to-saas-offer) early in your app's life cycle (design phase) to ensure that you build your app in alignment with the store requirements and [Microsoft Commercial Marketplace policies applicable to Teams apps linked to SaaS offers](/legal/marketplace/certification-policies#11405-teams-app-linked-to-software-as-a-service-saas-offers). If you build your app in line with these guidelines, then it prevents any rework due to non-adherence to store policies.

-The icons are intended to create a uniform layout. These guidelines helps you create your app icon for submission.

-#### Do: Follow the recommendation for safe area (96 x 96)

-It is recommended that if you have a logo, keep it within the 96 x 96 safe area inside of the 192 x 192 PNG format icon.

-Here is an example of a logo inside of the PNG format icon that is not within the safe area. It creates uneven padding (negative space) around the icon.

-Borders are added dynamically. If you include a border in your PNG format, it'll result in unwanted duplication on white backgrounds.

-Avoid using multiple words on the icon. It is impossible to read the text when the icon is at smaller sizes for example 32 x 32 or 36 x 36.

->Features included in preview may not be complete, and may undergo changes before becoming available in the public release. They are provided for testing and exploration purposes only. They should not be used in production applications.

-Many features enabled in developer preview require alterations to your app manifest JSON file. To do so, you need to use the [developer preview manifest schema](~/resources/schem) to make these changes, nor you can use it to upload your app for testing. To upload your app you need to select the `More apps` icon on the app bar, then select the `Upload a custom app link`. Using this method you can only upload a zipped version of your app package.

-Developer preview is enabled on a per-client basis, but the option to turn on developer preview is controlled at the organization level. To enable the option to turn on developer preview for an individual, you must ensure that they have the ability to upload custom apps. See [setting up your tenant](~/concepts/build-and-test/prepare-your-o365-tenant.md) for additional information.

-Use the same menu item under About → Developer preview, and select it to turn it off.

-

-You can extend your tab app by using Microsoft Graph to allow users additional permissions, such as to view app user profile, to read mail, and more. Your app must ask for specific permission scopes to obtain the access tokens on app user's consent.

-Graph scopes, such as `User.Read` or `Mail.Read`, lets you specify how your app accesses a Teams user's account. You need to specify your scopes in the authorization request.

-In this section, you'll learn to:

-You can configure additional Graph scopes in Azure AD for your app. These are delegated permissions, which are used by apps that require signed-in access. A signed-in app user or administrator must consent to them. Your tab app can consent on behalf of the signed-in user when it calls Microsoft Graph.

- You've configured your app with Microsoft Graph permissions.

-Depending on the platform or device where you want to target your app, additional configuration may be required such as redirect URIs, specific authentication settings, or details specific to the platform.

-> - If your tab app hasn't been granted IT admin consent, app users have to provide consent the first time they use your app on a different platform.

- > The configurations will be different based on the platform you select.

-You'll need to acquire access token for Microsoft Graph. You can do so by using Azure AD on-behalf-of (OBO) flow.

-The current implementation for SSO grants consent for only user-level permissions that aren't usable for making Graph calls. To get the permissions (scopes) needed to make a Graph call, SSO apps must implement a custom web service to exchange the token received from the Teams JavaScript library for a token that includes the needed scopes. You can use Microsoft Authentication Library (MSAL) for fetching the token from the client side.

-After you've configured Graph permissions in Azure AD:

-1. [Get the token ID from Teams client](#get-the-token-id-from-teams-client)

-1. [Exchange the token ID with the server-side token](#exchange-the-token-id-with-the-server-side-token)

-The following is an example for calling token ID from Teams client:

-The following is an example of OBO flow to fetch access token from the Teams client using MSAL:

-1. Initiate the OAuth 2.0 OBO flow with a call to the Microsoft identity platform that includes the access token, some metadata about the user, and the credentials of the tab app (its app ID and client secret). The Microsoft identity platform will return a new access token that can be used to access Microsoft Graph.

-> - As a best practice for security, always use the [server-side code to make Microsoft Graph calls](/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#middle-tier-access-token-request) or other calls that require passing an access token. You must not return the OBO token to the client because it enables the client to make direct calls to Microsoft Graph. This helps protect the token from being intercepted or leaked.

-## Known limitations

-1. Tenant admin consent: A simple way of [consenting on behalf of an organization as a tenant admin](/azure/active-directory/manage-apps/consent-and-permissions-overview#admin-consent) is by getting [consent from admin](/azure/active-directory/manage-apps/grant-admin-consent).

- You can ask for consent using the Auth API. Another approach for getting Graph scopes is to present a consent dialog using our existing [third party OAuth provider authentication approach](~/tabs/how-to/authentication/auth-tab-aad.md#navigate-to-the-authorization-page-from-your-pop-up-page). This approach involves popping up an Azure AD consent dialog box.

- <details>

- <summary>To ask for additional consent using the Auth API, follow these steps:</summary>

- 1. The token retrieved using `getAuthToken()` must be exchanged on the server-side using Azure AD [on-behalf-of flow](/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow) to get access to those other Graph APIs. Ensure you use the v2 Graph endpoint for this exchange.

- 2. If the exchange fails, Azure AD returns an invalid grant exception. It usually responds with one of the two error messages, `invalid_grant` or `interaction_required`.

- 3. When the exchange fails, you must ask for consent. Use the user interface (UI) to ask the app user to grant other consent. This UI must include a button that triggers an Azure AD consent dialog using [Silent authentication](~/concepts/authentication/auth-silent-aad.md).

- 4. When asking for more consent from Azure AD, you must include `prompt=consent` in your [query-string-parameter](~/tabs/how-to/authentication/auth-silent-aad.md#get-the-user-context) to Azure AD, otherwise Azure AD wouldn't ask for other scopes.

- - Instead of `?scope={scopes}`, use `?prompt=consent&scope={scopes}`

- - Ensure that `{scopes}` includes all the scopes you're prompting the user for, for example, `Mail.Read` or `User.Read`.

- To handle incremental consent for tab app, see [incremental and dynamic user consent](/azure/active-directory/develop/v2-permissions-and-consent).

- 5. After the app user has granted more permissions, retry the OBO flow to get access to these other APIs.

- </details>

-1. Race condition in fetching Graph access token via on-behalf-of (OBO) flow after consent: If your app calls Microsoft Graph, you might use the on-behalf-of (OBO) flow in your API to get a valid Graph token for that user.

- If a user hasn't granted Azure AD application consent for these scopes, your OBO call will fail with `invalid_grant` or `interaction_required` error. This error informs you that you need to prompt the user for their consent.

- When the user has provided their consent and you try to make an OBO call immediately, sometimes there's a race condition between Azure AD propagating this consent and the OBO request taking place. This can lead to OBO call failing with the same `invalid_grant` or `interaction_required` errors.

- If your application is unaware of this behaviour, it might ask the user for consent multiple times.

- There's no workaround to this limitation. Azure AD recommends that you can build a meaningful wait-and-retry mechanism to overcome this issue.

- This wait-and-retry mechanism should keep track if a user has consented to the required scopes. If an API call that includes an OBO request fails with the above errors, but the user has already consented, avoid showing the consent prompt to the user. Instead, wait for some time before retrying the API call. Usually, Azure AD sends the consent within three to five seconds. In one of our [sample applications](https://github.com/OfficeDev/Microsoft-Teams-Samples/blob/8f266c33608d6d7b4cf89c81779ccf49e7664c1e/samples/bot-tab-conversations/csharp/Source/ConversationalTabs.Web/ClientApp/src/utils/UtilsFunctions.ts#LL8C1-L8C1), we retry up to three times with double the wait time between each retry, starting at a one second wait.

- If after three to five attempts the OBO flow still fails, the user might not have consented to all the required scopes, and you may have to prompt them to consent again.

- This approach helps reduce the possibility of user being prompted for consent more than once.

-* [Form completion feedback](../../bots/how-to/conversations/conversation-messages.md#form-completion-feedback)

-description: In this module, learn how to get to the DevTools when using the Microsoft Teams Desktop Client and debugging

-1. Ensure you have enabled [developer preview](~/resources/dev-preview/developer-preview-intro.md).

-* [Form completion feedback](~/bots/how-to/conversations/conversation-messages.md#form-completion-feedback)

-* [Form completion feedback](~/bots/how-to/conversations/conversation-messages.md#form-completion-feedback)*

-* [Form completion feedback](../../../bots/how-to/conversations/conversation-messages.md#form-completion-feedback)

-* [Form completion feedback](~/bots/how-to/conversations/conversation-messages.md#form-completion-feedback)

-* [Action.OpenUrl](https://adaptivecards.io/explorer/Action.OpenUrl.html)

-* [Action.Submit](https://adaptivecards.io/explorer/Action.Submit.html)

-* [Action.ShowCard](https://adaptivecards.io/explorer/Action.ShowCard.html)

-* [Action.Execute](/adaptive-cards/authoring-cards/universal-action-model#actionexecute)

-You can also modify the Adaptive Card `Action.Submit` payload to support existing Bot Framework actions using an `msteams` property in the `data` object of `Action.Submit`. The next section provides details on how to use existing Bot Framework actions with Adaptive Cards.

->

-* [Form completion feedback](~/bots/how-to/conversations/conversation-messages.md#form-completion-feedback)

-* [Form completion feedback](~/bots/how-to/conversations/conversation-messages.md#form-completion-feedback)

-| 06/08/2022 | Optional card feedback for success message| Build bots > Bot conversations > [Messages in bot conversations](~/bots/how-to/conversations/conversation-messages.md#form-completion-feedback)|

-| 01/19/2022 | Adaptive Cards form completion feedback | Build bots > Bot conversations > Messages in bot conversations > [Form completion feedback](bots/how-to/conversations/conversation-messages.md#form-completion-feedback)|