fix: USGovSingleTenant OAuthEndpoint #6714

Merged
merged 5 commits into from
Dec 19, 2023
11 changes: 10 additions & 1 deletion ApiCompatBaseline.txt
Expand Up @@ -3,9 +3,18 @@ TypesMustExist : Type 'Microsoft.Bot.Builder.Azure.CosmosDbCustomClientOptions'
TypesMustExist : Type 'Microsoft.Bot.Builder.Azure.CosmosDbStorage' does not exist in the implementation but it does exist in the contract.
TypesMustExist : Type 'Microsoft.Bot.Builder.Azure.CosmosDbStorageOptions' does not exist in the implementation but it does exist in the contract.

MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String, System.Net.Http.HttpClient)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String, System.Net.Http.HttpClient, Microsoft.Extensions.Logging.ILogger)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String, System.String, System.Net.Http.HttpClient)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials..ctor(System.String, System.String, System.String, System.Net.Http.HttpClient, Microsoft.Extensions.Logging.ILogger)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftGovernmentAppCredentials..ctor(System.String, System.String, System.Net.Http.HttpClient)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftGovernmentAppCredentials..ctor(System.String, System.String, System.Net.Http.HttpClient, Microsoft.Extensions.Logging.ILogger)' does not exist in the implementation but it does exist in the contract.

TypesMustExist : Type 'Microsoft.Bot.Connector.Authentication.AdalAuthenticator' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.AppCredentials.BuildAuthenticator()' does not exist in the implementation but it does exist in the contract.
CannotAddAbstractMembers : Member 'Microsoft.Bot.Connector.Authentication.AppCredentials.BuildIAuthenticator()' is abstract in the implementation but is missing in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.CertificateAppCredentials..ctor(Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate, System.String, System.Net.Http.HttpClient, Microsoft.Extensions.Logging.ILogger)' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.CertificateAppCredentials.BuildAuthenticator()' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials.BuildAuthenticator()' does not exist in the implementation but it does exist in the contract.
MembersMustExist : Member 'Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials.BuildAuthenticator()' does not exist in the implementation but it does exist in the contract.

Expand Up @@ -34,6 +34,8 @@ public abstract class AppCredentials : ServiceClientCredentials
/// </summary>
private Lazy<IAuthenticator> _authenticator;

private string _oAuthScope;

/// <summary>
/// Initializes a new instance of the <see cref="AppCredentials"/> class.
/// </summary>
Expand All @@ -54,7 +56,7 @@ public AppCredentials(string channelAuthTenant = null, HttpClient customHttpClie
/// <param name="oAuthScope">The scope for the token.</param>
public AppCredentials(string channelAuthTenant = null, HttpClient customHttpClient = null, ILogger logger = null, string oAuthScope = null)
{
OAuthScope = string.IsNullOrWhiteSpace(oAuthScope) ? AuthenticationConstants.ToChannelFromBotOAuthScope : oAuthScope;
_oAuthScope = oAuthScope;
ChannelAuthTenant = channelAuthTenant;
CustomHttpClient = customHttpClient;
Logger = logger ?? NullLogger.Instance;
Expand All @@ -74,13 +76,15 @@ public AppCredentials(string channelAuthTenant = null, HttpClient customHttpClie
/// <value>
/// Tenant to be used for channel authentication.
/// </value>
public string ChannelAuthTenant
public virtual string ChannelAuthTenant
{
get => string.IsNullOrEmpty(AuthTenant) ? AuthenticationConstants.DefaultChannelAuthTenant : AuthTenant;
get => string.IsNullOrEmpty(AuthTenant)
? DefaultChannelAuthTenant
: AuthTenant;
set
{
// Advanced user only, see https://aka.ms/bots/tenant-restriction
var endpointUrl = string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ToChannelFromBotLoginUrlTemplate, value);
var endpointUrl = string.Format(CultureInfo.InvariantCulture, ToChannelFromBotLoginUrlTemplate, value);

if (Uri.TryCreate(endpointUrl, UriKind.Absolute, out _))
{
Expand All @@ -99,7 +103,7 @@ public string ChannelAuthTenant
/// <value>
/// The OAuth endpoint to use.
/// </value>
public virtual string OAuthEndpoint => string.Format(CultureInfo.InvariantCulture, AuthenticationConstants.ToChannelFromBotLoginUrlTemplate, ChannelAuthTenant);
public virtual string OAuthEndpoint => string.Format(CultureInfo.InvariantCulture, ToChannelFromBotLoginUrlTemplate, ChannelAuthTenant);

/// <summary>
/// Gets a value indicating whether to validate the Authority.
Expand All @@ -115,7 +119,9 @@ public string ChannelAuthTenant
/// <value>
/// The OAuth scope to use.
/// </value>
public virtual string OAuthScope { get; }
public virtual string OAuthScope => string.IsNullOrEmpty(_oAuthScope)
? ToChannelFromBotOAuthScope
: _oAuthScope;

/// <summary>
/// Gets or sets the channel auth token tenant for this credential.
Expand All @@ -141,6 +147,26 @@ public string ChannelAuthTenant
/// </value>
protected ILogger Logger { get; set; }

/// <summary>
/// Gets DefaultChannelAuthTenant.
/// </summary>
/// <value>DefaultChannelAuthTenant.</value>
protected virtual string DefaultChannelAuthTenant => AuthenticationConstants.DefaultChannelAuthTenant;

/// <summary>
/// Gets ToChannelFromBotOAuthScope.
/// </summary>
/// <value>ToChannelFromBotOAuthScope.</value>
protected virtual string ToChannelFromBotOAuthScope => AuthenticationConstants.ToChannelFromBotOAuthScope;

/// <summary>
/// Gets ToChannelFromBotLoginUrlTemplate.
/// </summary>
/// <value>ToChannelFromBotLoginUrlTemplate.</value>
#pragma warning disable CA1056 // Uri properties should not be strings
protected virtual string ToChannelFromBotLoginUrlTemplate => AuthenticationConstants.ToChannelFromBotLoginUrlTemplate;
#pragma warning restore CA1056 // Uri properties should not be strings

/// <summary>
/// Adds the host of service url to <see cref="MicrosoftAppCredentials"/> trusted hosts.
/// </summary>
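Review bot: The new `OAuthScope` getter tests `_oAuthScope` with `string.IsNullOrEmpty`, while the constructor line it replaces used `string.IsNullOrWhiteSpace`, so a whitespace-only scope that used to fall back to the default is now returned as the scope for token requests. Unless that is intended, keep the old check: `public virtual string OAuthScope => string.IsNullOrWhiteSpace(_oAuthScope) ? ToChannelFromBotOAuthScope : _oAuthScope;`. Separately, the constructor still assigns `ChannelAuthTenant`, whose setter now reads the virtual `ToChannelFromBotLoginUrlTemplate`, so a derived override runs before the derived constructor body; a remark on the three new protected properties saying that overrides must not depend on derived instance state would document this, and would say more than the current summaries, which only repeat the property names. The class body continues outside the visible hunks.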
Expand Up @@ -14,10 +14,24 @@ public static class GovernmentAuthenticationConstants
public const string ChannelService = "https://botframework.azure.us";

/// <summary>
/// TO GOVERNMENT CHANNEL FROM BOT: Login URL.
/// TO CHANNEL FROM BOT: Login URL.
///
/// DEPRECATED. For binary compat only.
/// </summary>
public const string ToChannelFromBotLoginUrl = "https://login.microsoftonline.us/MicrosoftServices.onmicrosoft.us";

/// <summary>
/// TO CHANNEL FROM BOT: Login URL template string. Bot developer may specify
/// which tenant to obtain an access token from. By default, the channels only
/// accept tokens from "MicrosoftServices.onmicrosoft.us". For more details see https://aka.ms/bots/tenant-restriction.
/// </summary>
public const string ToChannelFromBotLoginUrlTemplate = "https://login.microsoftonline.us/{0}";

/// <summary>
/// The default tenant to acquire bot to channel token from.
/// </summary>
public const string DefaultChannelAuthTenant = "MicrosoftServices.onmicrosoft.us";

/// <summary>
/// TO GOVERNMENT CHANNEL FROM BOT: OAuth scope to request.
/// </summary>
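Review bot: `ToChannelFromBotLoginUrl` is marked deprecated only in its doc comment, so code that keeps using the fixed-tenant login URL gets no compiler signal to move to the template. Consider `[Obsolete("Use ToChannelFromBotLoginUrlTemplate with DefaultChannelAuthTenant.")]` on the constant, if the repository's warning settings allow it (they are not visible here). The summary was also changed from "TO GOVERNMENT CHANNEL FROM BOT" to "TO CHANNEL FROM BOT", which now reads the same as a non-government constant would; keeping the word GOVERNMENT in both login URL summaries would stay consistent with the scope constant that follows.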
Expand Up @@ -12,7 +12,7 @@ internal class GovernmentCloudBotFrameworkAuthentication : BuiltinBotFrameworkAu
public GovernmentCloudBotFrameworkAuthentication(ServiceClientCredentialsFactory credentialFactory, AuthenticationConfiguration authConfiguration, IHttpClientFactory httpClientFactory, ILogger logger = null)
: base(
GovernmentAuthenticationConstants.ToChannelFromBotOAuthScope,
GovernmentAuthenticationConstants.ToChannelFromBotLoginUrl,
GovernmentAuthenticationConstants.ToChannelFromBotLoginUrlTemplate,
CallerIdConstants.USGovChannel,
GovernmentAuthenticationConstants.ChannelService,
GovernmentAuthenticationConstants.OAuthUrlGov,
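Review bot: The base constructor now receives the unformatted template `https://login.microsoftonline.us/{0}` where it used to receive a complete login URL, and nothing in this hunk shows where the tenant is substituted. Any consumer of that argument that compares it for equality with `GovernmentAuthenticationConstants.ToChannelFromBotLoginUrl`, or uses it directly as an authority, would stop recognising the government cloud or would request tokens from a literal `{0}` path; those call sites are outside this hunk and should be checked. A test that builds credentials through this class and asserts the resulting `OAuthEndpoint` for both the default tenant and a custom tenant would pin the behaviour.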
Expand Up @@ -38,39 +38,6 @@ public class MicrosoftAppCredentials : AppCredentials
/// </summary>
public static readonly MicrosoftAppCredentials Empty = new MicrosoftAppCredentials(null, null);

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
public MicrosoftAppCredentials(string appId, string password)
: this(appId, password, null, null, null, null)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
public MicrosoftAppCredentials(string appId, string password, HttpClient customHttpClient)
: this(appId, password, null, customHttpClient)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param>
public MicrosoftAppCredentials(string appId, string password, HttpClient customHttpClient, ILogger logger)
: this(appId, password, null, customHttpClient, logger)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
Expand All @@ -79,36 +46,11 @@ public MicrosoftAppCredentials(string appId, string password, HttpClient customH
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param>
/// <param name="oAuthScope">The scope for the token.</param>
public MicrosoftAppCredentials(string appId, string password, HttpClient customHttpClient, ILogger logger, string oAuthScope)
public MicrosoftAppCredentials(string appId, string password, HttpClient customHttpClient = null, ILogger logger = null, string oAuthScope = null)
: this(appId, password, null, customHttpClient, logger, oAuthScope)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
/// <param name="channelAuthTenant">Optional. The oauth token tenant.</param>
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
public MicrosoftAppCredentials(string appId, string password, string channelAuthTenant, HttpClient customHttpClient)
: this(appId, password, channelAuthTenant, customHttpClient, null)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
/// <param name="appId">The Microsoft app ID.</param>
/// <param name="password">The Microsoft app password.</param>
/// <param name="channelAuthTenant">Optional. The oauth token tenant.</param>
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param>
public MicrosoftAppCredentials(string appId, string password, string channelAuthTenant, HttpClient customHttpClient, ILogger logger = null)
: this(appId, password, channelAuthTenant, customHttpClient, logger, null)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftAppCredentials"/> class.
/// </summary>
Expand All @@ -118,7 +60,7 @@ public MicrosoftAppCredentials(string appId, string password, string channelAuth
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param>
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param>
/// <param name="oAuthScope">The scope for the token.</param>
public MicrosoftAppCredentials(string appId, string password, string channelAuthTenant, HttpClient customHttpClient, ILogger logger = null, string oAuthScope = null)
public MicrosoftAppCredentials(string appId, string password, string channelAuthTenant, HttpClient customHttpClient = null, ILogger logger = null, string oAuthScope = null)
: base(channelAuthTenant, customHttpClient, logger, oAuthScope)
{
MicrosoftAppId = appId;
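Review bot: Replacing the removed constructor overloads with optional parameters keeps most source callers compiling but is a binary break: assemblies built against, for example, `MicrosoftAppCredentials(string, string)` will fail with `MissingMethodException` until they are recompiled, and the matching suppressions appear in ApiCompatBaseline.txt. It is also a source break for calls that pass a literal `null` as the third argument, since `new MicrosoftAppCredentials(appId, password, null)` now matches both the `HttpClient` overload and the `channelAuthTenant` overload. Keeping the old overloads as thin forwarders, e.g. `public MicrosoftAppCredentials(string appId, string password) : this(appId, password, null, null, null, null) { }`, would avoid both; otherwise the break should be called out in the release notes. The last constructor's body continues outside the hunk.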