Skip to content
This repository was archived by the owner on Jan 5, 2026. It is now read-only.

feat: Support Single Tenant authentication through BotFramework-Emulator #6769

Merged
tracyboehrer merged 2 commits into from
Apr 10, 2024
Merged

feat: Support Single Tenant authentication through BotFramework-Emulator #6769

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0755dc6
use dynamic Emulator issuer with tenant id to validate identity
JhontSouth Mar 18, 2024
5bf5963
use auth constants
JhontSouth Apr 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions libraries/Microsoft.Bot.Connector/Authentication/AuthenticationConstants.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,6 +163,11 @@ public static class AuthenticationConstants
/// </summary>
public const string AnonymousAuthType = "anonymous";

/// <summary>
/// Tenant Id claim name. As used in Microsoft AAD tokens.
/// </summary>
public const string TenantIdClaim = "tid";

/// <summary>
/// Allowed token signing algorithms. Tokens come from channels to the bot. The code
/// that uses this also supports tokens coming from the emulator.
Expand Down
13 changes: 13 additions & 0 deletions libraries/Microsoft.Bot.Connector/Authentication/EmulatorValidation.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

namespace Microsoft.Bot.Connector.Authentication
Expand Down Expand Up @@ -70,6 +71,18 @@ public static bool IsTokenFromEmulator(string authHeader)
return false;
}

var tenantId = token.Claims.FirstOrDefault(c => c.Type == AuthenticationConstants.TenantIdClaim)?.Value ?? string.Empty;

//Validate if there is an existing issuer with the same tid value.
if (!string.IsNullOrEmpty(tenantId) && !ToBotFromEmulatorTokenValidationParameters.ValidIssuers.Any((issuer) => issuer.Contains(tenantId)))
{
//If the issuer doesn't exist, this is added using the Emulator token issuer structure.
//This allows use of the SingleTenant authentication through Emulator.
var newIssuer = AuthenticationConstants.ValidTokenIssuerUrlTemplateV1.Replace("{0}", tenantId);
ToBotFromEmulatorTokenValidationParameters.ValidIssuers =
ToBotFromEmulatorTokenValidationParameters.ValidIssuers.Concat(new string[] { newIssuer });
}

// Is the token issues by a source we consider to be the emulator?
if (!ToBotFromEmulatorTokenValidationParameters.ValidIssuers.Contains(token.Issuer))
{
Expand Down