From 0b1d9581ed7b97e9c8cc94a889f8fc6f41c13afe Mon Sep 17 00:00:00 2001
From: Jhonatan Sandoval Velasco <122501764+JhontSouth@users.noreply.github.com>
Date: Tue, 16 Apr 2024 08:28:20 -0500
Subject: [PATCH] feat: Support Single Tenant authentication through BotFramework-Emulator (#4643)

* use dynamic creation of issuer with tenant id

* include documentation and tid validation

* use valid token issuer Url template

* format lint issues

* use auth constants to get payload values

* fix lint issues
---
 .../src/auth/authenticationConstants.ts | 5 +++++
 .../src/auth/emulatorValidation.ts | 19 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/libraries/botframework-connector/src/auth/authenticationConstants.ts b/libraries/botframework-connector/src/auth/authenticationConstants.ts
index 07cae74324..c8eee6e47c 100644
--- a/libraries/botframework-connector/src/auth/authenticationConstants.ts
+++ b/libraries/botframework-connector/src/auth/authenticationConstants.ts
@@ -172,6 +172,11 @@ export namespace AuthenticationConstants {
      */
     export const ServiceUrlClaim = 'serviceurl';
 
+    /**
+     * Tenant ID claim name. As used in Microsoft AAD tokens.
+     */
+    export const TenantIdClaim = 'tid';
+
     /**
      * AppId used for creating skill claims when there is no appId and password configured.
      */
diff --git a/libraries/botframework-connector/src/auth/emulatorValidation.ts b/libraries/botframework-connector/src/auth/emulatorValidation.ts
index bdb93091c6..1972ccea53 100644
--- a/libraries/botframework-connector/src/auth/emulatorValidation.ts
+++ b/libraries/botframework-connector/src/auth/emulatorValidation.ts
@@ -69,12 +69,29 @@ export namespace EmulatorValidation {
         }
 
         // Is there an Issuer?
-        const issuer: string = token.payload.iss;
+        const issuer: string = token.payload[AuthenticationConstants.IssuerClaim];
         if (!issuer) {
             // No Issuer, means it's not from the Emulator.
             return false;
         }
 
+        //Validation to manage the issuer object as a string.
+        if (Array.isArray(ToBotFromBotOrEmulatorTokenValidationParameters.issuer)) {
+            const tenantId = token?.payload[AuthenticationConstants.TenantIdClaim] ?? '';
+
+            //Validate if there is an existing issuer with the same tid value.
+            if (
+                tenantId != '' &&
+                ToBotFromBotOrEmulatorTokenValidationParameters.issuer.find((issuer) => issuer.includes(tenantId)) ==
+                    null
+            ) {
+                //If the issuer doesn't exist, this is added using the Emulator token issuer structure.
+                //This allows use of the SingleTenant authentication through Emulator.
+                const newIssuer = AuthenticationConstants.ValidTokenIssuerUrlTemplateV1 + `${tenantId}/`;
+                ToBotFromBotOrEmulatorTokenValidationParameters.issuer.push(newIssuer);
+            }
+        }
+
         // Is the token issues by a source we consider to be the emulator?
         if (
             ToBotFromEmulatorTokenValidationParameters.issuer &&
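Review bot: The new block pushes into the shared, module-level `ToBotFromBotOrEmulatorTokenValidationParameters.issuer` array based on the `tid` claim of a token whose signature has not been checked at this point in the function, so every request carrying a previously unseen `tid` value permanently adds a `ValidTokenIssuerUrlTemplateV1`-based issuer to the process-wide trusted list, and that list grows without bound. The lookup `issuer.includes(tenantId)` is a substring match rather than an equality check, and `tenantId != ''` uses loose equality where `!==` is the expected form. Consider rejecting a `tenantId` that is not a well-formed tenant identifier before using it, comparing with the exact constructed value (`issuer === AuthenticationConstants.ValidTokenIssuerUrlTemplateV1 + tenantId + '/'`), and supplying the extended issuer list to the verification call for this request (for example a spread copy of the parameters) instead of mutating the module-level object. The enclosing function begins before and ends after this hunk, so the later signature and issuer verification that would bound this risk is not visible here and the above is inferred from the visible lines only.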