I am building a PVA skill that must authenticate to another system with Oauth. I have successfully published the skill and added it to my PVA bot. However, I am seeing a 404 at api.botframework.com/api/usertoken/GetToken when the skill attempts to run. I have tested the endpoints in the other system using Postman and I can successfully receive a token. I have verified the Oauth connection in the bot channel settings in Azure where the "test connection" feature is also able to successfully receive a token. The user account is the same under all three conditions. Could it be something in my Azure App Registration? I am sure it is something silly that I missing, but I'm stumped.
I had found that article previously, but it wasn't much help. Much of my issue seemed to stem from outdated documentation for the Bot Framework Composer package that I was using.
I am using a "Generic Oauth 2" service provider and attempting to access a ServiceNow instance. The issue was apparently that ServiceNow has intentionally broken/disallowed the client_credentials grant type that I was attempting to use.
From what I can tell, it looks like ServiceNow was receiving the token request with the client_credentials grant type and redirecting to api.botframework.com/api/usertoken/GetToken with a 'guest' user Id. ServiceNow does not allow 'guest' user authorizations and this was resulting in a 404.
Adding an "Authenticate" step to my Bot Framework Composer dialog to retrieve a Code first resolved the issue.
Do you have any more detail beyond the 404? This is a little dated, but the symptoms match up with what you described: /api/usertoken/GetToken 404 - Don't use a redirect URL (bogdanbujdea.dev)