fix: USGovSingleTenant OAuthEndpoint (#6714)
* fixUSGovSingleTenant

* Add UT

* Rollback AuthTenant Property Name

* The ctors do contain the old ones; add the ctors to ApiCompatBaseline
fangyangci authored and Tracy Boehrer committed Jan 24, 2024
1 parent 02ec769 commit 435c507
Showing 10 changed files with 174 additions and 142 deletions.
11 changes: 10 additions & 1 deletion ApiCompatBaseline.txt
Expand Up @@ -3,9 +3,18 @@ TypesMustExist : Type 'Microsoft.Bot.Builder.Azure.CosmosDbCustomClientOptions'
TypesMustExist : Type 'Microsoft.Bot.Builder.Azure.CosmosDbStorage' does not exist in the implementation but it does exist in the contract.
TypesMustExist : Type 'Microsoft.Bot.Builder.Azure.CosmosDbStorageOptions' does not exist in the implementation but it does exist in the contract.

MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String, System.Net.Http.HttpClient)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String, System.Net.Http.HttpClient, Microsoft.Extensions.Logging.ILogger)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String, System.String, System.Net.Http.HttpClient)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String, System.String, System.Net.Http.HttpClient, Microsoft.Extensions.Logging.ILogger)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftGovernmentAppCredentials..ctor(System.String, System.String, System.Net.Http.HttpClient)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftGovernmentAppCredentials..ctor(System.String, System.String, System.Net.Http.HttpClient, Microsoft.Extensions.Logging.ILogger)' does not exist in the implementation but it does exist in the contract.

TypesMustExist : Type 'Microsoft.Bot.Connector.Authentication.AdalAuthenticator' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.AppCredentials.BuildAuthenticator()' does not exist in the implementation but it does exist in the contract.
CannotAddAbstractMembers : Member 'Microsoft.Bot.Connector.Authentication.AppCredentials.BuildIAuthenticator()' is abstract in the implementation but is missing in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.CertificateAppCredentials..ctor(Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate, System.String, System.Net.Http.HttpClient, Microsoft.Extensions.Logging.ILogger)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.CertificateAppCredentials.BuildAuthenticator()' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials.BuildAuthenticator()' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials.BuildAuthenticator()' does not exist in the implementation but it does exist in the contract.

38 changes: 32 additions & 6 deletions libraries/Microsoft.Bot.Connector/Authentication/AppCredentials.cs
Expand Up @@ -34,6 +34,8 @@ public abstract class AppCredentials : ServiceClientCredentials
/// </summary>
private Lazy<IAuthenticator> _authenticator;

private string _oAuthScope;

/// <summary>
/// Initializes a new instance of the <see cref="AppCredentials"/> class.
/// </summary>
Expand All @@ -54,7 +56,7 @@ public AppCredentials(string channelAuthTenant = null, HttpClient customHttpClie
/// <param name="oAuthScope">The scope for the token.</param>
public AppCredentials(string channelAuthTenant = null, HttpClient customHttpClient = null, ILogger logger = null, string oAuthScope = null)
{
OAuthScope = string.IsNullOrWhiteSpace(oAuthScope) ? AuthenticationConstants.ToChannelFromBotOAuthScope : oAuthScope;
_oAuthScope = oAuthScope;
ChannelAuthTenant = channelAuthTenant;
CustomHttpClient = customHttpClient;
Logger = logger ?? NullLogger.Instance;
Expand All @@ -74,13 +76,15 @@ public AppCredentials(string channelAuthTenant = null, HttpClient customHttpClie
/// <value>
/// Tenant to be used for channel authentication.
/// </value>
public string ChannelAuthTenant
public virtual string ChannelAuthTenant
{
get => string.IsNullOrEmpty(AuthTenant) ? AuthenticationConstants.DefaultChannelAuthTenant : AuthTenant;
get => string.IsNullOrEmpty(AuthTenant)
? DefaultChannelAuthTenant
: AuthTenant;
set
{
// Advanced user only, see https://aka.ms/bots/tenant-restriction
var endpointUrl = string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ToChannelFromBotLoginUrlTemplate, value);
var endpointUrl = string.Format(CultureInfo.InvariantCulture, ToChannelFromBotLoginUrlTemplate, value);

if (Uri.TryCreate(endpointUrl, UriKind.Absolute, out _))
{
Expand All @@ -99,7 +103,7 @@ public string ChannelAuthTenant
/// <value>
/// The OAuth endpoint to use.
/// </value>
public virtual string OAuthEndpoint => string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ToChannelFromBotLoginUrlTemplate, ChannelAuthTenant);
public virtual string OAuthEndpoint => string.Format(CultureInfo.InvariantCulture, ToChannelFromBotLoginUrlTemplate, ChannelAuthTenant);

/// <summary>
/// Gets a value indicating whether to validate the Authority.
Expand All @@ -115,7 +119,9 @@ public string ChannelAuthTenant
/// <value>
/// The OAuth scope to use.
/// </value>
public virtual string OAuthScope { get; }
public virtual string OAuthScope => string.IsNullOrEmpty(_oAuthScope)
? ToChannelFromBotOAuthScope
: _oAuthScope;

/// <summary>
/// Gets or sets the channel auth token tenant for this credential.
Expand All @@ -141,6 +147,26 @@ public string ChannelAuthTenant
/// </value>
protected ILogger Logger { get; set; }

/// <summary>
/// Gets DefaultChannelAuthTenant.
/// </summary>
/// <value>DefaultChannelAuthTenant.</value>
protected virtual string DefaultChannelAuthTenant => AuthenticationConstants.DefaultChannelAuthTenant;

/// <summary>
/// Gets ToChannelFromBotOAuthScope.
/// </summary>
/// <value>ToChannelFromBotOAuthScope.</value>
protected virtual string ToChannelFromBotOAuthScope => AuthenticationConstants.ToChannelFromBotOAuthScope;

/// <summary>
/// Gets ToChannelFromBotLoginUrlTemplate.
/// </summary>
/// <value>ToChannelFromBotLoginUrlTemplate.</value>
#pragma warning disable CA1056 // Uri properties should not be strings
protected virtual string ToChannelFromBotLoginUrlTemplate => AuthenticationConstants.ToChannelFromBotLoginUrlTemplate;
#pragma warning restore CA1056 // Uri properties should not be strings

/// <summary>
/// Adds the host of service url to <see cref="MicrosoftAppCredentials"/> trusted hosts.
/// </summary>
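Review bot: The new `OAuthScope` getter falls back to the default only when `_oAuthScope` is null or empty, while the constructor line it appears to replace used `string.IsNullOrWhiteSpace`, so a whitespace-only scope would now be sent in the token request instead of the default scope. Unless that change is intended, keep the old check: `public virtual string OAuthScope => string.IsNullOrWhiteSpace(_oAuthScope) ? ToChannelFromBotOAuthScope : _oAuthScope;`. Separately, the constructor still assigns `ChannelAuthTenant`, which is now virtual and whose setter reads the virtual `ToChannelFromBotLoginUrlTemplate`, so an override runs before the derived constructor body has executed. A `<remarks>` line on the three new protected properties saying that overrides must return values that do not depend on state set in a derived constructor would document that. The setter body continues outside the hunk.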
Expand Up @@ -14,10 +14,24 @@ public static class GovernmentAuthenticationConstants
public const string ChannelService = "https://botframework.azure.us";

/// <summary>
/// TO GOVERNMENT CHANNEL FROM BOT: Login URL.
/// TO CHANNEL FROM BOT: Login URL.
///
/// DEPRECATED. For binary compat only.
/// </summary>
public const string ToChannelFromBotLoginUrl = "https://login.microsoftonline.us/MicrosoftServices.onmicrosoft.us";

/// <summary>
/// TO CHANNEL FROM BOT: Login URL template string. Bot developer may specify
/// which tenant to obtain an access token from. By default, the channels only
/// accept tokens from "MicrosoftServices.onmicrosoft.us". For more details see https://aka.ms/bots/tenant-restriction.
/// </summary>
public const string ToChannelFromBotLoginUrlTemplate = "https://login.microsoftonline.us/{0}";

/// <summary>
/// The default tenant to acquire bot to channel token from.
/// </summary>
public const string DefaultChannelAuthTenant = "MicrosoftServices.onmicrosoft.us";

/// <summary>
/// TO GOVERNMENT CHANNEL FROM BOT: OAuth scope to request.
/// </summary>
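Review bot: The summary on `ToChannelFromBotLoginUrl` now marks the constant as deprecated but does not name its replacement, and its first line lost the word GOVERNMENT that the neighbouring scope constant still carries. I would write `/// DEPRECATED. For binary compat only; use <see cref="ToChannelFromBotLoginUrlTemplate"/> with <see cref="DefaultChannelAuthTenant"/>.` and keep `TO GOVERNMENT CHANNEL FROM BOT` in the new summaries so a reader can tell these are the US Government values. The template summary could also say that the tenant placed in `{0}` decides which directory issues the bot's token, so it should come from deployment configuration rather than from request data.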
Expand Up @@ -12,7 +12,7 @@ internal class GovernmentCloudBotFrameworkAuthentication : BuiltinBotFrameworkAu
public GovernmentCloudBotFrameworkAuthentication(ServiceClientCredentialsFactory credentialFactory, AuthenticationConfiguration authConfiguration, IHttpClientFactory httpClientFactory, ILogger logger = null)
: base(
GovernmentAuthenticationConstants.ToChannelFromBotOAuthScope,
GovernmentAuthenticationConstants.ToChannelFromBotLoginUrl,
GovernmentAuthenticationConstants.ToChannelFromBotLoginUrlTemplate,
CallerIdConstants.USGovChannel,
GovernmentAuthenticationConstants.ChannelService,
GovernmentAuthenticationConstants.OAuthUrlGov,
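Review bot: The second base-constructor argument is now a format string containing `{0}`, so every consumer of that value in `BuiltinBotFrameworkAuthentication` has to substitute a tenant before using it as a login URL. That class is outside this hunk, so I cannot confirm that it does. If any path still treats the argument as a finished URL, token requests would go to the literal `https://login.microsoftonline.us/{0}` and fail. A comment at this call, for example `// login URL template: the tenant is substituted by the credentials object`, would record the contract. The base call continues past the end of the hunk.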
Expand Up @@ -38,39 +38,6 @@ public class MicrosoftAppCredentials : AppCredentials
/// </summary>
public static readonly MicrosoftAppCredentials Empty = new MicrosoftAppCredentials(null, null);

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
public MicrosoftAppCredentials(string appId, string password)
: this(appId, password, null, null, null, null)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
public MicrosoftAppCredentials(string appId, string password, HttpClient customHttpClient)
: this(appId, password, null, customHttpClient)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param>
public MicrosoftAppCredentials(string appId, string password, HttpClient customHttpClient, ILogger logger)
: this(appId, password, null, customHttpClient, logger)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
Expand All @@ -79,36 +46,11 @@ public MicrosoftAppCredentials(string appId, string password, HttpClient customH
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param>
/// <param name="oAuthScope">The scope for the token.</param>
public MicrosoftAppCredentials(string appId, string password, HttpClient customHttpClient, ILogger logger, string oAuthScope)
public MicrosoftAppCredentials(string appId, string password, HttpClient customHttpClient = null, ILogger logger = null, string oAuthScope = null)
: this(appId, password, null, customHttpClient, logger, oAuthScope)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
/// <param name="channelAuthTenant">Optional. The oauth token tenant.</param>
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
public MicrosoftAppCredentials(string appId, string password, string channelAuthTenant, HttpClient customHttpClient)
: this(appId, password, channelAuthTenant, customHttpClient, null)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
/// <param name="channelAuthTenant">Optional. The oauth token tenant.</param>
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param>
public MicrosoftAppCredentials(string appId, string password, string channelAuthTenant, HttpClient customHttpClient, ILogger logger = null)
: this(appId, password, channelAuthTenant, customHttpClient, logger, null)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
Expand All @@ -118,7 +60,7 @@ public MicrosoftAppCredentials(string appId, string password, string channelAuth
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param>
/// <param name="oAuthScope">The scope for the token.</param>
public MicrosoftAppCredentials(string appId, string password, string channelAuthTenant, HttpClient customHttpClient, ILogger logger = null, string oAuthScope = null)
public MicrosoftAppCredentials(string appId, string password, string channelAuthTenant, HttpClient customHttpClient = null, ILogger logger = null, string oAuthScope = null)
: base(channelAuthTenant, customHttpClient, logger, oAuthScope)
{
MicrosoftAppId = appId;
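Review bot: Replacing the removed overloads with optional parameters does not keep binary compatibility, and it looks source-breaking for one call shape. An assembly compiled against `MicrosoftAppCredentials(string, string)` or `(string, string, HttpClient)` binds to that exact signature and would fail with `MissingMethodException` at run time until rebuilt. The new `MembersMustExist` entries in ApiCompatBaseline.txt silence that check rather than resolve it. In addition, a call such as `new MicrosoftAppCredentials(appId, password, null)` previously resolved to the `HttpClient` overload, but now matches both remaining constructors equally (`HttpClient customHttpClient` and `string channelAuthTenant`), so it should be reported as ambiguous. Keeping the old signatures as thin forwarders, e.g. `public MicrosoftAppCredentials(string appId, string password) : this(appId, password, null, null, null, null) { }`, would avoid both problems; if the removal is deliberate, the release notes should say that dependants must be recompiled. The last constructor's body continues outside the hunk.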