Custom OAuthEndpoint doesn't work as documented

Version

Microsoft.Bot.Builder.Integration.AspNet.Core 4.19.3

Describe the bug

The documentation says this is how to configure the OAuth-URL “for public-cloud bots with data residency in Europe”:

string uri = "https://europe.api.botframework.com";
MicrosoftAppCredentials.TrustServiceUrl(uri);
OAuthClientConfig.OAuthEndpoint = uri;

This actually does nothing. It will still connect to https://api.botframework.com instead and will obviously fail if your Azure bot is configured to be accessible for West Europe.

To Reproduce

Steps to reproduce the behavior: Do as the documentation says.

Expected behavior

Bot will never try to contact the international DirectLine API but instead always uses the European one.

Additional context

Here is a workaround (using reflection) that mitigates this problem:

Create a new class like this:

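using System.Net.Http;
using System.Reflection;
using Microsoft.Bot.Builder.Integration.AspNet.Core;
using Microsoft.Bot.Connector.Authentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

public class CustomBotFrameworkAuthentication : ConfigurationBotFrameworkAuthentication
{
    public CustomBotFrameworkAuthentication(IConfiguration configuration,
        ServiceClientCredentialsFactory? credentialsFactory = null,
        AuthenticationConfiguration? authConfiguration = null, IHttpClientFactory? httpClientFactory = null,
        ILogger? logger = null) : base(configuration, credentialsFactory, authConfiguration, httpClientFactory, logger)
    {
        // Read the private "_inner" authentication object held by the base class.
        var inner = (BotFrameworkAuthentication)typeof(ConfigurationBotFrameworkAuthentication)
            .GetField("_inner", BindingFlags.Instance | BindingFlags.NonPublic)!.GetValue(this)!;
        // Overwrite its private "_oauthEndpoint" field with the European endpoint.
        // Both lookups depend on private field names and throw if those names change.
        inner.GetType().BaseType!.GetField("_oauthEndpoint", BindingFlags.Instance | BindingFlags.NonPublic)!
            .SetValue(inner, "https://europe.api.botframework.com");
    }
}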

And register it using DI:

builder.Services.AddSingleton<BotFrameworkAuthentication, CustomBotFrameworkAuthentication>();

There is actually a way to configure OAuthUrl in the configuration file and have BotFrameworkAuthenticationFactory create a ParameterizedBotFrameworkAuthentication for you, that will allow you to specify things like custom endpoints. This needs additional configuration parameters though and there is no documentation available whatsoever.

Issue Analytics

  • State:closed
  • Created 6 months ago
  • Comments:6

Top GitHub Comments

2 reactions
ceciliaavila commented, Apr 4, 2023

Hi everyone, we reproduced this issue and if it’s ok, we’ll work on finding a solution. Thanks.

1 reaction
AndyCross commented, Apr 29, 2023

<del>I’ve a very similar problem, the settings don’t work however. Visiting NGROK tells me that I have forbidden errors, with a JWT set with an iss as “api.botframework.com”. Are the above settings verified as correct? </del>

Update

The trailing slashes are invalid in @ceciliaavila's post.

  "MicrosoftAppType": "",
  "MicrosoftAppId": "<your-app-id>",
  "MicrosoftAppPassword": "<your-app-secret>",
  "MicrosoftAppTenantId": "",
  "ConnectionName": "<your-connection-name>",
  "OAuthUrl": "https://europe.api.botframework.com",
  "BotOpenIdMetadata": "https://login.botframework.com/v1/.well-known/openidconfiguration",
  "ValidateAuthority": "true",
  "ToChannelFromBotLoginUrl": "https://login.microsoftonline.com/botframework.com",
  "ToChannelFromBotOAuthScope": "https://api.botframework.com",
  "ToBotFromChannelTokenIssuer": "https://api.botframework.com",
  "ToBotFromChannelOpenIdMetadataUrl": "https://login.botframework.com/v1/.well-known/openidconfiguration",
  "ToBotFromEmulatorOpenIdMetadataUrl": "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration",
  "CallerId": "urn:botframework:azure"
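
A pre-deployment check for the settings in the comment above, as an added example (not code from the issue or from the Bot Framework SDK): it flags URL-valued settings that end in a slash or are not HTTPS, and an `OAuthUrl` whose host is not the expected regional one. The class name, the `Check` method and the sample JSON are constructed for illustration; that trailing slashes are invalid is taken from the comment.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class BotAuthSettingsCheck
{
    // URL-valued keys from the settings posted in the comment above.
    private static readonly string[] UrlKeys =
    {
        "OAuthUrl", "BotOpenIdMetadata", "ToChannelFromBotLoginUrl",
        "ToChannelFromBotOAuthScope", "ToBotFromChannelTokenIssuer",
        "ToBotFromChannelOpenIdMetadataUrl", "ToBotFromEmulatorOpenIdMetadataUrl",
    };

    // Returns one message per problem; an empty list means the settings pass.
    public static List<string> Check(string json, string expectedOAuthHost)
    {
        var problems = new List<string>();
        using var doc = JsonDocument.Parse(json);
        foreach (var key in UrlKeys)
        {
            // Absent keys are skipped: this check makes no claim about which are required.
            if (!doc.RootElement.TryGetProperty(key, out var el)) continue;
            var value = el.ValueKind == JsonValueKind.String ? el.GetString() : null;
            if (!Uri.TryCreate(value, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            {
                problems.Add($"{key}: not an absolute https URL");
                continue;
            }
            if (value!.EndsWith("/", StringComparison.Ordinal))
                problems.Add($"{key}: trailing slash");
            if (key == "OAuthUrl" && !string.Equals(uri.Host, expectedOAuthHost, StringComparison.OrdinalIgnoreCase))
                problems.Add($"{key}: host is {uri.Host}, expected {expectedOAuthHost}");
        }
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: the global endpoint with a trailing slash, plus one valid entry.
        const string sample = @"{
            ""OAuthUrl"": ""https://api.botframework.com/"",
            ""ToBotFromChannelTokenIssuer"": ""https://api.botframework.com""
        }";
        foreach (var p in Check(sample, "europe.api.botframework.com"))
            Console.WriteLine(p);
    }
}
```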
