Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow user to specify bot to channel token tenant #841

Merged
merged 5 commits into from
Apr 10, 2019
Merged

Allow user to specify bot to channel token tenant #841

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3a6bdda
Allow user to specify bot to channel token tenant
Mar 28, 2019
bb3c5ee
move string in code to constants and don't use null as default parame…
Apr 1, 2019
552385f
Merge branch 'master' into ming/tenantAuthNode
Apr 4, 2019
e8be75a
Add old constant back for back compat
Apr 9, 2019
e1317be
Merge branch 'master' into ming/tenantAuthNode
Apr 10, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion libraries/botbuilder/src/botFrameworkAdapter.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,12 @@ export interface BotFrameworkAdapterSettings {
* Password assigned to your bot in the [Bot Framework Portal](https://dev.botframework.com/).
*/
appPassword: string;

/**
* (Optional) The OAuth API Endpoint for your bot to use.
*/
channelAuthTenant?: string;

/**
* (Optional) The OAuth API Endpoint for your bot to use.
*/
Expand Down Expand Up @@ -129,7 +135,7 @@ export class BotFrameworkAdapter extends BotAdapter implements IUserTokenProvide
constructor(settings?: Partial<BotFrameworkAdapterSettings>) {
super();
this.settings = { appId: '', appPassword: '', ...settings };
this.credentials = new MicrosoftAppCredentials(this.settings.appId, this.settings.appPassword || '');
this.credentials = new MicrosoftAppCredentials(this.settings.appId, this.settings.appPassword || '', this.settings.channelAuthTenant);
this.credentialsProvider = new SimpleCredentialProvider(this.credentials.appId, this.credentials.appPassword);
this.isEmulatingOAuthCards = false;
if (this.settings.openIdMetadata) {
Expand Down
14 changes: 12 additions & 2 deletions libraries/botframework-connector/src/auth/constants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,19 @@
*/
export namespace Constants {
/**
* TO CHANNEL FROM BOT: Login URL
* TO CHANNEL FROM BOT: Login URL prefix
mingweiw marked this conversation as resolved.
Show resolved Hide resolved
mingweiw marked this conversation as resolved.
Show resolved Hide resolved
*/
export const ToChannelFromBotLoginUrl = 'https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token';
export const ToChannelFromBotLoginUrlPrefix = 'https://login.microsoftonline.com/';

/**
* TO CHANNEL FROM BOT: Login URL token endpoint path
*/
export const ToChannelFromBotTokenEndpointPath = '/oauth2/v2.0/token';

/**
* TO CHANNEL FROM BOT: Default tenant from which to obtain a token for bot to channel communication
*/
export const DefaultChannelAuthTenant = 'botframework.com';

/**
* TO CHANNEL FROM BOT: OAuth scope to request
Expand Down
8 changes: 6 additions & 2 deletions libraries/botframework-connector/src/auth/microsoftAppCredentials.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,14 +28,18 @@ export class MicrosoftAppCredentials implements msrest.ServiceClientCredentials
public appPassword: string;
public appId: string;

public oAuthEndpoint: string = Constants.ToChannelFromBotLoginUrl;
public oAuthEndpoint: string;
public oAuthScope: string = Constants.ToChannelFromBotOAuthScope;
public readonly tokenCacheKey: string;
private refreshingToken: Promise<Response> | null = null;

constructor(appId: string, appPassword: string) {
constructor(appId: string, appPassword: string, channelAuthTenant?: string) {
this.appId = appId;
this.appPassword = appPassword;
const tenant = channelAuthTenant && channelAuthTenant.length > 0
? channelAuthTenant
: Constants.DefaultChannelAuthTenant;
this.oAuthEndpoint = Constants.ToChannelFromBotLoginUrlPrefix + tenant + Constants.ToChannelFromBotTokenEndpointPath;
this.tokenCacheKey = `${ appId }-cache`;
}

Expand Down
8 changes: 8 additions & 0 deletions libraries/botframework-connector/tests/auth.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,14 @@ describe('Bot Framework Connector - Auth Tests', function () {
assert(MicrosoftAppCredentials.isTrustedServiceUrl('https://smba.trafficmanager.net/amer-client-ss.msg/'));
});

it('Obtain MsaHeader from a user specified tenant', async () => {
const tokenGenerator = new MicrosoftAppCredentials('2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F', 'microsoft.com');
const header = `Bearer ${ await tokenGenerator.getToken(true) }`;
const credentials = new SimpleCredentialProvider('2cd87869-38a0-4182-9251-d056e8f0ac24', '');
const claims = await JwtTokenValidation.authenticateRequest({ serviceUrl: 'https://smba.trafficmanager.net/amer-client-ss.msg/' }, header, credentials, undefined);
assert(claims.getClaimValue("tid") == '72f988bf-86f1-41af-91ab-2d7cd011db47');
});

it('MsaHeader with invalid ServiceUrl should not be trusted', async () => {
const tokenGenerator = new MicrosoftAppCredentials('2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F');
const header = `Bearer ${ await tokenGenerator.getToken(true) }`;
Expand Down