
Commit 29bb50c

Throw UnauthorizedAccessException if IsSkillClaim and ClaimsValidator is null. (#4570) (#4579)
1 parent 1ce0561 commit 29bb50c


1 file changed

+5
-1
lines changed


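--- a/libraries/Microsoft.Bot.Connector/Authentication/JwtTokenValidation.cs
+++ b/libraries/Microsoft.Bot.Connector/Authentication/JwtTokenValidation.cs
@@ -183,7 +183,7 @@ public static string GetAppIdFromClaims(IEnumerable<Claim> claims)
 /// <param name="authConfig">An <see cref="AuthenticationConfiguration"/> instance.</param>
 /// <param name="claims">The list of claims to validate.</param>
 /// <returns>A <see cref="Task"/> representing the asynchronous operation.</returns>
-/// <exception cref="UnauthorizedAccessException">If the validation returns false.</exception>
+/// <exception cref="UnauthorizedAccessException">If the validation returns false, or ClaimsValidator is null and this is a skill claim.</exception>
 internal static async Task ValidateClaimsAsync(AuthenticationConfiguration authConfig, IEnumerable<Claim> claims)
 {
 if (authConfig.ClaimsValidator != null)
@@ -192,6 +192,10 @@ internal static async Task ValidateClaimsAsync(AuthenticationConfiguration authC
 var claimsList = claims as IList<Claim> ?? claims.ToList();
 await authConfig.ClaimsValidator.ValidateClaimsAsync(claimsList).ConfigureAwait(false);
 }
+else if (SkillValidation.IsSkillClaim(claims))
+{
+throw new UnauthorizedAccessException("ClaimsValidator is required for validation of Skill Host calls.");
+}
 }
 
 /// <summary>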
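Review bot: The new `else if` branch in `ValidateClaimsAsync` fails closed only when `SkillValidation.IsSkillClaim(claims)` returns true, so with a null `ClaimsValidator` every other token still leaves the method with no check, and the outcome now rests entirely on how that classifier treats incomplete claim sets. `IsSkillClaim` is not visible on this page; if it returns false when a claim it relies on is missing, such a token would presumably fall through silently, so that case is worth confirming and pinning with a test (the commit changes one file and adds none). A short why-comment on the branch would record the intent, for example `// Fail closed: without a ClaimsValidator a skill call would otherwise be accepted with no caller check.` The lines of the method body between the two hunks (new lines 190–191) are outside the view.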
