public override async Task <AuthenticateRequestResult> AuthenticateRequestAsync(Activity activity, string authHeader, CancellationToken cancellationToken)
{
var claimsIdentity = await JwtTokenValidation.AuthenticateRequest(activity, authHeader, new DelegatingCredentialProvider(_credentialFactory), GetChannelProvider(), _authConfiguration, _authHttpClient).ConfigureAwait(false);
var outboundAudience = SkillValidation.IsSkillClaim(claimsIdentity.Claims) ? JwtTokenValidation.GetAppIdFromClaims(claimsIdentity.Claims) : _toChannelFromBotOAuthScope;
var callerId = await GenerateCallerIdAsync(_credentialFactory, claimsIdentity, _callerId, cancellationToken).ConfigureAwait(false);
var connectorFactory = new ConnectorFactoryImpl(GetAppId(claimsIdentity), _toChannelFromBotOAuthScope, _loginEndpoint, true, _credentialFactory, _httpClientFactory, _logger);
return(new AuthenticateRequestResult {
ClaimsIdentity = claimsIdentity, Audience = outboundAudience, CallerId = callerId, ConnectorFactory = connectorFactory
});
}
public override async Task <AuthenticateRequestResult> AuthenticateRequestAsync(Activity activity, string authHeader, CancellationToken cancellationToken)
{
var claimsIdentity = await JwtTokenValidation.AuthenticateRequest(activity, authHeader, new DelegatingCredentialProvider(_credentialFactory), GetChannelProvider(), _authConfiguration, _httpClient).ConfigureAwait(false);
var scope = SkillValidation.IsSkillClaim(claimsIdentity.Claims) ? JwtTokenValidation.GetAppIdFromClaims(claimsIdentity.Claims) : _toChannelFromBotOAuthScope;
var callerId = await GenerateCallerIdAsync(_credentialFactory, claimsIdentity, cancellationToken).ConfigureAwait(false);
var appId = GetAppId(claimsIdentity);
var credentials = await _credentialFactory.CreateCredentialsAsync(appId, scope, _loginEndpoint, true, cancellationToken).ConfigureAwait(false);
return(new AuthenticateRequestResult {
ClaimsIdentity = claimsIdentity, Credentials = credentials, Scope = scope, CallerId = callerId
});
}
/// <summary>
/// Validates the security tokens required by the Bot Framework Protocol. Throws on any exceptions.
/// </summary>
/// <param name="activity">The incoming Activity from the Bot Framework or the Emulator</param>
/// <param name="authHeader">The Bearer token included as part of the request</param>
/// <param name="credentials">The set of valid credentials, such as the Bot Application ID</param>
/// <param name="httpClient">Validating an Activity requires validating the claimset on the security token. This
/// validation may require outbound calls for Endorsement validation and other checks. Those calls are made to
/// TLS services, which are (latency wise) expensive resources. The httpClient passed in here, if shared by the layers
/// above from call to call, enables connection reuse which is a significant performance and resource improvement.</param>
/// <returns>Task tracking operation</returns>
public static async Task AssertValidActivity(IActivity activity, string authHeader, ICredentialProvider credentials, HttpClient httpClient = null)
{
if (string.IsNullOrWhiteSpace(authHeader))
{
// No auth header was sent. We might be on the anonymous code path.
bool isAuthDisabled = await credentials.IsAuthenticationDisabledAsync();
if (isAuthDisabled)
{
// We are on the anonymous code path.
return;
}
}
// Go through the standard authentication path.
await JwtTokenValidation.AuthenticateRequest(activity, authHeader, credentials, httpClient ?? _httpClient);
}
