-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implements auth changes required to handle skills #2755
Conversation
…als that allow the developer to set a custom OAuthScope (this helps with skill authentication where the audience will be the calling bot). Added code to validate skill request tokens Adds missing (c) to OAuthConfiguration, Retry and TimeSpanaExtensios. Added InternalsVisibleTo to facilitate unit tesing.
Pull Request Test Coverage Report for Build 83844
💛 - Coveralls |
✔️ No Binary Compatibility issues for Microsoft.Bot.Builder.dll compared against version 4.5.3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are some auth tests around AppCredentials in the FunctionalTests project, would be worth to have some end to end test there
/// <param name="customHttpClient">Optional <see cref="HttpClient"/> to be used when acquiring tokens.</param> | ||
/// <param name="logger">Optional <see cref="ILogger"/> to gather telemetry data while acquiring and managing credentials.</param> | ||
/// <param name="oAuthScope">The scope for the token.</param> | ||
public AppCredentials(string channelAuthTenant = null, HttpClient customHttpClient = null, ILogger logger = null, string oAuthScope = null) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering if we should flow the authentication configuration here, so we can support not only custom OAuthScope, but all auth parameters. Then we could have this constructor receiving
public AppCredentials(AuthenticationConfiguration authConfig, HttpClient httpClient, ILogger logger)
which is extensible through adding optional fields to AuthenticationConfiguration.
Thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe, let's chat when you have a min, I'll leave this one open for now.
libraries/Microsoft.Bot.Connector/Authentication/JwtTokenValidation.cs
Outdated
Show resolved
Hide resolved
libraries/Microsoft.Bot.Connector/Authentication/JwtTokenValidation.cs
Outdated
Show resolved
Hide resolved
libraries/Microsoft.Bot.Connector/Authentication/SkillValidation.cs
Outdated
Show resolved
Hide resolved
libraries/Microsoft.Bot.Connector/Authentication/SkillValidation.cs
Outdated
Show resolved
Hide resolved
libraries/Microsoft.Bot.Connector/Authentication/SkillValidation.cs
Outdated
Show resolved
Hide resolved
✔️ No Binary Compatibility issues for Microsoft.Bot.Builder.dll compared against version 4.5.3 |
Approved with the promise of resolving the authentication configuration parameter only to app credential constructor. |
Relates to #2743
Added constructor overload to AppCredentials and MicrosoftAppCredentals that allow the developer to set a custom OAuthScope (this helps with skill authentication where the audience will be the calling bot).
Added code to validate skill request tokens
Adds missing (c) to OAuthConfiguration, Retry and TimeSpanaExtensios.
Added InternalsVisibleTo to facilitate unit testing.