CloudAdapter always builds Connector with MicrosoftAppCredentials (never CertificateAppCredentials) -- certificate auth flow broken

[jineshjin]

Github issues should be used for bugs and feature requests. Use Stack Overflow for general "how-to" questions.

Versions

What package version of the SDK are you using. 4.19.2
What nodejs version are you using >18.9.x
What os are you using: Mac OS 13.2.1

Describe the bug

Similar to this issue: #3246 Cloudadpter is not accepting CertificateAppCredentials. There is no way to provide those parameters to constructor.

To Reproduce

Steps to reproduce the behavior:
Initialize CloudAdapter and try to pass certThumbprint and certPrivatekey.

Expected behavior

It should support CertificateAppCredentials as part of CloudAdpater similar it was with BotFrameworkAdapter

Screenshots

Additional context

see implementation: https://github.com/microsoft/botbuilder-js/blob/main/libraries/botbuilder-core/src/configurationServiceClientCredentialFactory.ts#L51

[ramfattah]

Thanks @jineshjin. I'm investigating.

[jineshjin]

Thanks @jineshjin. I'm investigating.

Hi @ramfattah, any updates here? Just wanted to know whether this is the issue identified and will need fix?

[ramfattah]

Hi @jineshjin, thanks for your patience.

Asking few clarifying questions:

1. What error message are you encountering when using CloudAdapter with certificate authentication? Can you provide a stack trace of the error that you are experiencing? This would help us better understand the issue as the linked issue involved BotFrameworkAdapter, while CloudAdapter is being utilized in this case.
2. How are you passing the certificate thumbprint and certificate private key to the CloudAdapter? Can you share the relevant code snippet or a minimal reproducible example (in the form of a .zip project) that reproduces the error? This information would help us better understand the root cause of the issue and find a solution.
3. Were you previously able to use certificate authentication successfully with CloudAdapter, or is this your first attempt at using it?

[jineshjin]

Hi @ramfattah, thanks for looking into it.

I would answer 3rd first,

3. Were you previously able to use certificate authentication successfully with CloudAdapter, or is this your first attempt at using it?

This is the first time I am trying to connect with CloudAdapter however I have used cert auth previously with BotFrameworkAdapter but CloudAdpter is not even accepting the cert properties as object where it is only expecting these parameters. https://github.com/microsoft/botbuilder-js/blob/main/libraries/botbuilder-core/src/configurationServiceClientCredentialFactory.ts#L19.
I couldn't find CertPrivateKey or CertThumbPrint option to pass as constructor.
I did not even find a sample which depicts the cert configuration with cloud adapter.

2. How are you passing the certificate thumbprint and certificate private key to the CloudAdapter? Can you share the relevant code snippet or a minimal reproducible example (in the form of a .zip project) that reproduces the error? This information would help us better understand the root cause of the issue and find a solution.

const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication({
    MicrosoftAppId: config.channelConfig.microsoftAppId,
    CertificateThumbprint: '940F84F314A60F',
    CertificatePrivateKey: fs.readFileSync(path.join(__dirname, './assets/client.pem'), 'utf8'),
  } as ConfigurationBotFrameworkAuthenticationOptions);
  
  const adapter = new CloudAdapter(botFrameworkAuthentication);

1. What error message are you encountering when using CloudAdapter with certificate authentication? Can you provide a stack trace of the error that you are experiencing? This would help us better understand the issue as the linked issue involved BotFrameworkAdapter, while CloudAdapter is being utilized in this case.
   Stack Trace:

error: 
 [onTurnError] unhandled error: Error: The clientSecret parameter is required.
    at Object.validateStringParameter (/Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/adal-node/lib/argument.js:37:13)
    at AuthenticationContext.acquireTokenWithClientCredentials (/Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/adal-node/lib/authentication-context.js:282:14)
    at /Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/src/auth/microsoftAppCredentials.ts:46:44
    at new Promise (<anonymous>)
    at MicrosoftAppCredentials.<anonymous> (/Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/src/auth/microsoftAppCredentials.ts:45:36)
    at Generator.next (<anonymous>)
    at /Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/lib/auth/microsoftAppCredentials.js:15:71
    at new Promise (<anonymous>)
    at __awaiter (/Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/lib/auth/microsoftAppCredentials.js:11:12)
    at MicrosoftAppCredentials.refreshToken (/Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/lib/auth/microsoftAppCredentials.js:46:16)
    at MicrosoftAppCredentials.<anonymous> (/Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/src/auth/appCredentials.ts:184:52)
    at Generator.next (<anonymous>)
    at /Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/lib/auth/appCredentials.js:15:71
    at new Promise (<anonymous>)
    at __awaiter (/Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/lib/auth/appCredentials.js:11:12)
    at MicrosoftAppCredentials.getToken (/Users/dug/Documents/GitHub/****/b***-ch****-***e/node_modules/botframework-connector/lib/auth/appCredentials.js:136:16) {"ip":"::ffff:127.0.0.1","logseverity":"ERROR","method":"POST","module":"cloud.server","pid":30471}

[ramfattah]

Thanks @jineshjin,

I'm able to reproduce this issue.

After setting up the authentication with certificate credentials using typescript sample 02.echo-bot:

const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication({
   MicrosoftAppId: process.env.MicrosoftAppId,
   CertificateThumbprint: '12B12B12B12B12B12B12B12B12B',
   CertificatePrivateKey: fs.readFileSync('C:/Users/***/Documents/Azure/Keys/dev/certificate.pem', 'utf8')
} as ConfigurationBotFrameworkAuthenticationOptions);

// Create adapter.
// See https://aka.ms/about-bot-adapter to learn more about how bots work.
const adapter = new CloudAdapter(botFrameworkAuthentication);

I received the following error when tested the bot in Azure Bot WebChat:

[onTurnError] unhandled error: Error: The clientSecret parameter is required.

[ramfattah]

Hey @ceciliaavila,

I was able to reproduce this issue, assigning this to you for now.

Please let me know if you have any questions.
Thanks.

[jineshjin]

Thanks @ramfattah.
Hi @ceciliaavila, when can we expect this to be resolved? any approx. time? Thanks!

[ceciliaavila]

Hi @jineshjin, we are now testing the changes to support CertificateAppCredentials. We estimate to have a PR ready by the end of the week.

[jineshjin]

@ceciliaavila perfect, many thanks!

[jineshjin]

@tracyboehrer issue is closed but when can we expect a release? Thanks!