/// <summary>
/// Authenticates an inbound request and assembles the identity, outbound audience,
/// caller id and connector factory that the rest of the pipeline uses for it.
/// </summary>
/// <param name="activity">The inbound activity whose sender is being authenticated.</param>
/// <param name="authHeader">The authorization header value received with the request.</param>
/// <param name="cancellationToken">Cancellation token; forwarded to caller-id generation only.</param>
/// <returns>
/// An <see cref="AuthenticateRequestResult"/> carrying the validated claims identity, the audience
/// to use for outbound calls, the caller id and a connector factory.
/// </returns>
public override async Task<AuthenticateRequestResult> AuthenticateRequestAsync(Activity activity, string authHeader, CancellationToken cancellationToken)
{
    // All token validation is delegated to JwtTokenValidation.AuthenticateRequest. Nothing below
    // re-checks the returned identity (no null or IsAuthenticated test), so this method relies on
    // that call rejecting bad tokens -- presumably by throwing; confirm against its implementation.
    // Note that cancellationToken is not passed to this call.
    var credentialProvider = new DelegatingCredentialProvider(_credentialFactory);
    var identity = await JwtTokenValidation
        .AuthenticateRequest(activity, authHeader, credentialProvider, GetChannelProvider(), _authConfiguration, _authHttpClient)
        .ConfigureAwait(false);

    // The outbound audience is taken from the token's own claims when the caller is a skill,
    // otherwise it is the configured channel scope. Because the skill branch trusts claim content,
    // it is only as strong as the validation performed above.
    var isSkillCaller = SkillValidation.IsSkillClaim(identity.Claims);
    var audience = isSkillCaller
        ? JwtTokenValidation.GetAppIdFromClaims(identity.Claims)
        : _toChannelFromBotOAuthScope;

    var resolvedCallerId = await GenerateCallerIdAsync(_credentialFactory, identity, _callerId, cancellationToken).ConfigureAwait(false);

    // The factory is always built with the channel scope, not the per-request audience computed above.
    // NOTE(review): the literal `true` is presumably a validate-authority switch -- confirm against ConnectorFactoryImpl.
    var factory = new ConnectorFactoryImpl(
        GetAppId(identity),
        _toChannelFromBotOAuthScope,
        _loginEndpoint,
        true,
        _credentialFactory,
        _httpClientFactory,
        _logger);

    var result = new AuthenticateRequestResult
    {
        ClaimsIdentity = identity,
        Audience = audience,
        CallerId = resolvedCallerId,
        ConnectorFactory = factory,
    };
    return result;
}
/// <summary>
/// Authenticates an inbound request and returns the identity, outbound credentials,
/// scope and caller id associated with it.
/// </summary>
/// <param name="activity">The inbound activity whose sender is being authenticated.</param>
/// <param name="authHeader">The authorization header value received with the request.</param>
/// <param name="cancellationToken">Cancellation token; forwarded to caller-id generation and credential creation.</param>
/// <returns>
/// An <see cref="AuthenticateRequestResult"/> carrying the validated claims identity, the credentials
/// created for outbound calls, the scope those credentials were requested for, and the caller id.
/// </returns>
public override async Task<AuthenticateRequestResult> AuthenticateRequestAsync(Activity activity, string authHeader, CancellationToken cancellationToken)
{
    // Token validation is delegated to JwtTokenValidation.AuthenticateRequest. The returned identity
    // is used as-is below (no null or IsAuthenticated test), so this method relies on that call
    // rejecting bad tokens -- presumably by throwing; confirm against its implementation.
    // Note that cancellationToken is not passed to this call.
    var credentialProvider = new DelegatingCredentialProvider(_credentialFactory);
    var identity = await JwtTokenValidation
        .AuthenticateRequest(activity, authHeader, credentialProvider, GetChannelProvider(), _authConfiguration, _httpClient)
        .ConfigureAwait(false);

    // For a skill caller the scope comes from the token's own claims; otherwise the configured
    // channel scope is used. This value decides which audience outbound credentials are issued for,
    // so it is only as trustworthy as the validation performed above.
    var isSkillCaller = SkillValidation.IsSkillClaim(identity.Claims);
    var scope = isSkillCaller
        ? JwtTokenValidation.GetAppIdFromClaims(identity.Claims)
        : _toChannelFromBotOAuthScope;

    var resolvedCallerId = await GenerateCallerIdAsync(_credentialFactory, identity, cancellationToken).ConfigureAwait(false);

    var botAppId = GetAppId(identity);

    // NOTE(review): the literal `true` is presumably a validate-authority switch -- confirm against the credential factory.
    var outboundCredentials = await _credentialFactory
        .CreateCredentialsAsync(botAppId, scope, _loginEndpoint, true, cancellationToken)
        .ConfigureAwait(false);

    var result = new AuthenticateRequestResult
    {
        ClaimsIdentity = identity,
        Credentials = outboundCredentials,
        Scope = scope,
        CallerId = resolvedCallerId,
    };
    return result;
}
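/// <summary>
/// Validates the security tokens required by the Bot Framework Protocol. The method returns no
/// result: the value returned by <c>JwtTokenValidation.AuthenticateRequest</c> is discarded, so a
/// validation failure is expected to surface as an exception from that call.
/// </summary>
/// <remarks>
/// When <paramref name="authHeader"/> is null, empty or whitespace AND
/// <paramref name="credentials"/> reports that authentication is disabled, the method returns
/// without validating anything (the anonymous path). In every other case, including a missing
/// header while authentication is enabled, the request is passed to
/// <c>JwtTokenValidation.AuthenticateRequest</c>.
/// </remarks>
/// <param name="activity">The incoming Activity from the Bot Framework or the Emulator</param>
/// <param name="authHeader">The Bearer token included as part of the request</param>
/// <param name="credentials">The set of valid credentials, such as the Bot Application ID</param>
/// <param name="httpClient">Validating an Activity requires validating the claimset on the security token. This
/// validation may require outbound calls for Endorsement validation and other checks. Those calls are made to
/// TLS services, which are (latency wise) expensive resources. The httpClient passed in here, if shared by the layers
/// above from call to call, enables connection reuse which is a significant performance and resource improvement.
/// When null, the class-level <c>_httpClient</c> is used instead.</param>
/// <returns>Task tracking operation</returns>
public static async Task AssertValidActivity(IActivity activity, string authHeader, ICredentialProvider credentials, HttpClient httpClient = null)
{
    if (string.IsNullOrWhiteSpace(authHeader))
    {
        // No auth header was sent. We might be on the anonymous code path.
        // Whether anonymous requests are accepted is decided solely by the credential provider.
        var authDisabled = await credentials.IsAuthenticationDisabledAsync().ConfigureAwait(false);
        if (authDisabled)
        {
            // We are on the anonymous code path: accept the activity with no token validation.
            return;
        }
    }

    // Go through the standard authentication path. ConfigureAwait(false) keeps this helper from
    // capturing the caller's synchronization context, since nothing after the awaits needs it.
    await JwtTokenValidation
        .AuthenticateRequest(activity, authHeader, credentials, httpClient ?? _httpClient)
        .ConfigureAwait(false);
}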