Support for Bot Framework Auth v3.2 (#3543)

* Support for Bot Framework Auth v3.2
This auth change supports the future move from an independent AAD tenant to the Microsoft Services tenant. This will result in new issuer values being sent and returned, primarily from the emulator code paths. As part of this change, the bot builder version numbers were normalized to 3.10.5.

* Removing support for Bot Framework security protocol v3.0

These are now depricated endpoints.

Author: Jeffders

CSharp/Library/Microsoft.Bot.Builder.Autofac/Properties/AssemblyInfo.cs

@@ -32,8 +32,8 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("3.9.1.0")]
-[assembly: AssemblyFileVersion("3.9.1.0")]
+[assembly: AssemblyVersion("3.10.5.0")]
+[assembly: AssemblyFileVersion("3.10.5.0")]
 
 [assembly: InternalsVisibleTo("Microsoft.Bot.Builder.Tests")]
 [assembly: InternalsVisibleTo("Microsoft.Bot.Sample.Tests")]

CSharp/Library/Microsoft.Bot.Builder/Properties/AssemblyInfo.cs

@@ -33,8 +33,8 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("3.9.1.0")]
-[assembly: AssemblyFileVersion("3.9.1.0")]
+[assembly: AssemblyVersion("3.10.5.0")]
+[assembly: AssemblyFileVersion("3.10.5.0")]
 
 [assembly: InternalsVisibleTo("Microsoft.Bot.Builder.Tests")]
 [assembly: InternalsVisibleTo("Microsoft.Bot.Sample.Tests")]

CSharp/Library/Microsoft.Bot.Connector.NetFramework/Properties/AssemblyInfo.cs

@@ -30,5 +30,5 @@
 //
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
-[assembly: AssemblyVersion("3.9.1.0")]
-[assembly: AssemblyFileVersion("3.9.1.0")]
+[assembly: AssemblyVersion("3.10.5.0")]
+[assembly: AssemblyFileVersion("3.10.5.0")]

CSharp/Library/Microsoft.Bot.Connector.Shared/JwtConfig.cs

@@ -59,7 +59,12 @@ public static class JwtConfig
             new TokenValidationParameters()
             {
                 ValidateIssuer = true,
-                ValidIssuers = new[] { "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/", "https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/", "https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0" },
+                ValidIssuers = new[] {
+                    "https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/",                    // Auth v3.1, 1.0 token
+                    "https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0",      // Auth v3.1, 2.0 token
+                    "https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/",                    // Auth v3.2, 1.0 token
+                    "https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0"       // Auth v3.2, 2.0 token
+                },
                 // Audience validation takes place in JwtTokenExtractor
                 ValidateAudience = false,
                 ValidateLifetime = true,

CSharp/Library/Microsoft.Bot.Connector.Shared/JwtTokenExtractor.cs

@@ -173,7 +173,7 @@ public string GetAppIdFromEmulatorClaimsIdentity(ClaimsIdentity identity)
             if (appIdClaim == null)
                 return null;
 
-            // v3.1 emulator token
+            // v3.1 or v3.2 emulator token
             if (identity.Claims.Any(c => c.Type == "aud" && c.Value == appIdClaim.Value))
                 return appIdClaim.Value;
 

Node/core/lib/bots/ChatConnector.js

@@ -23,18 +23,16 @@ var ChatConnector = (function () {
                 botConnectorOpenIdMetadata: this.settings.openIdMetadata || 'https://login.botframework.com/v1/.well-known/openidconfiguration',
                 botConnectorIssuer: 'https://api.botframework.com',
                 botConnectorAudience: this.settings.appId,
-                msaOpenIdMetadata: 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration',
-                msaIssuer: 'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/',
-                msaAudience: 'https://graph.microsoft.com',
                 emulatorOpenIdMetadata: 'https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration',
                 emulatorAudience: this.settings.appId,
-                emulatorIssuerV1: 'https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/',
-                emulatorIssuerV2: 'https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0',
+                emulatorAuthV31IssuerV1: 'https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/',
+                emulatorAuthV31IssuerV2: 'https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0',
+                emulatorAuthV32IssuerV1: 'https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/',
+                emulatorAuthV32IssuerV2: 'https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0',
                 stateEndpoint: this.settings.stateEndpoint || 'https://state.botframework.com'
             };
         }
         this.botConnectorOpenIdMetadata = new OpenIdMetadata_1.OpenIdMetadata(this.settings.endpoint.botConnectorOpenIdMetadata);
-        this.msaOpenIdMetadata = new OpenIdMetadata_1.OpenIdMetadata(this.settings.endpoint.msaOpenIdMetadata);
         this.emulatorOpenIdMetadata = new OpenIdMetadata_1.OpenIdMetadata(this.settings.endpoint.emulatorOpenIdMetadata);
     }
     ChatConnector.prototype.listen = function () {
@@ -71,48 +69,45 @@ var ChatConnector = (function () {
             var verifyOptions;
             var openIdMetadata;
             var algorithms = ['RS256', 'RS384', 'RS512'];
-            if (isEmulator && decoded_1.payload.iss == this.settings.endpoint.msaIssuer) {
-                openIdMetadata = this.msaOpenIdMetadata;
-                verifyOptions = {
-                    algorithms: algorithms,
-                    issuer: this.settings.endpoint.msaIssuer,
-                    audience: this.settings.endpoint.msaAudience,
-                    clockTolerance: 300
-                };
-            }
-            else if (isEmulator && decoded_1.payload.ver === '1.0' && decoded_1.payload.iss == this.settings.endpoint.emulatorIssuerV1) {
-                openIdMetadata = this.emulatorOpenIdMetadata;
-                verifyOptions = {
-                    algorithms: algorithms,
-                    issuer: this.settings.endpoint.emulatorIssuerV1,
-                    audience: this.settings.endpoint.emulatorAudience,
-                    clockTolerance: 300
-                };
-            }
-            else if (isEmulator && decoded_1.payload.ver === '2.0' && decoded_1.payload.iss == this.settings.endpoint.emulatorIssuerV2) {
-                openIdMetadata = this.emulatorOpenIdMetadata;
-                verifyOptions = {
-                    algorithms: algorithms,
-                    issuer: this.settings.endpoint.emulatorIssuerV2,
-                    audience: this.settings.endpoint.emulatorAudience,
-                    clockTolerance: 300
-                };
+            if (isEmulator) {
+                if ((decoded_1.payload.ver === '2.0' && decoded_1.payload.azp !== this.settings.appId) ||
+                    (decoded_1.payload.ver !== '2.0' && decoded_1.payload.appid !== this.settings.appId)) {
+                    logger.error('ChatConnector: receive - invalid token. Requested by unexpected app ID.');
+                    res.status(403);
+                    res.end();
+                    return;
+                }
+                var issuer = void 0;
+                if (decoded_1.payload.ver === '1.0' && decoded_1.payload.iss == this.settings.endpoint.emulatorAuthV31IssuerV1) {
+                    issuer = this.settings.endpoint.emulatorAuthV31IssuerV1;
+                }
+                else if (decoded_1.payload.ver === '2.0' && decoded_1.payload.iss == this.settings.endpoint.emulatorAuthV31IssuerV2) {
+                    issuer = this.settings.endpoint.emulatorAuthV31IssuerV2;
+                }
+                else if (decoded_1.payload.ver === '1.0' && decoded_1.payload.iss == this.settings.endpoint.emulatorAuthV32IssuerV1) {
+                    issuer = this.settings.endpoint.emulatorAuthV32IssuerV1;
+                }
+                else if (decoded_1.payload.ver === '2.0' && decoded_1.payload.iss == this.settings.endpoint.emulatorAuthV32IssuerV2) {
+                    issuer = this.settings.endpoint.emulatorAuthV32IssuerV2;
+                }
+                if (issuer) {
+                    openIdMetadata = this.emulatorOpenIdMetadata;
+                    verifyOptions = {
+                        algorithms: algorithms,
+                        issuer: issuer,
+                        audience: this.settings.endpoint.emulatorAudience,
+                        clockTolerance: 300
+                    };
+                }
             }
-            else {
+            if (!verifyOptions) {
                 openIdMetadata = this.botConnectorOpenIdMetadata;
                 verifyOptions = {
                     issuer: this.settings.endpoint.botConnectorIssuer,
                     audience: this.settings.endpoint.botConnectorAudience,
                     clockTolerance: 300
                 };
             }
-            if (isEmulator && ((decoded_1.payload.ver === '2.0' && decoded_1.payload.azp !== this.settings.appId) ||
-                (decoded_1.payload.ver !== '2.0' && decoded_1.payload.appid !== this.settings.appId))) {
-                logger.error('ChatConnector: receive - invalid token. Requested by unexpected app ID.');
-                res.status(403);
-                res.end();
-                return;
-            }
             openIdMetadata.getKey(decoded_1.header.kid, function (key) {
                 if (key) {
                     try {

Node/core/lib/bots/Library.js

@@ -471,13 +471,13 @@ var Library = (function (_super) {
     Library.prototype.logPrefix = function () {
         return 'Library("' + this.name + '")';
     };
-    Library.RouteTypes = {
-        GlobalAction: 'GlobalAction',
-        StackAction: 'StackAction',
-        ActiveDialog: 'ActiveDialog'
-    };
     return Library;
 }(events_1.EventEmitter));
+Library.RouteTypes = {
+    GlobalAction: 'GlobalAction',
+    StackAction: 'StackAction',
+    ActiveDialog: 'ActiveDialog'
+};
 exports.Library = Library;
 exports.systemLib = new Library(consts.Library.system);
 exports.systemLib.localePath(path.join(__dirname, '../locale/'));

Node/core/lib/deprecated/LegacyPrompts.js

@@ -249,19 +249,19 @@ var LegacyPrompts = (function (_super) {
             }
         }
     };
-    LegacyPrompts.options = {
-        recognizer: new SimplePromptRecognizer(),
-        promptAfterAction: true
-    };
-    LegacyPrompts.defaultRetryPrompt = {
-        text: "default_text",
-        number: "default_number",
-        confirm: "default_confirm",
-        choice: "default_choice",
-        time: "default_time",
-        attachment: "default_file"
-    };
     return LegacyPrompts;
 }(Dialog_1.Dialog));
+LegacyPrompts.options = {
+    recognizer: new SimplePromptRecognizer(),
+    promptAfterAction: true
+};
+LegacyPrompts.defaultRetryPrompt = {
+    text: "default_text",
+    number: "default_number",
+    confirm: "default_confirm",
+    choice: "default_choice",
+    time: "default_time",
+    attachment: "default_file"
+};
 exports.LegacyPrompts = LegacyPrompts;
 Library_1.systemLib.dialog('BotBuilder:Prompts', new LegacyPrompts());

Node/core/lib/dialogs/EntityRecognizer.js

@@ -211,11 +211,11 @@ var EntityRecognizer = (function () {
             return [choices.toString()];
         }
     };
-    EntityRecognizer.dateExp = /^\d{4}-\d{2}-\d{2}/i;
-    EntityRecognizer.yesExp = /^(1|y|yes|yep|sure|ok|true)(\W|$)/i;
-    EntityRecognizer.noExp = /^(2|n|no|nope|not|false)(\W|$)/i;
-    EntityRecognizer.numberExp = /[+-]?(?:\d+\.?\d*|\d*\.?\d+)/;
-    EntityRecognizer.ordinalWords = 'first|second|third|fourth|fifth|sixth|seventh|eigth|ninth|tenth';
     return EntityRecognizer;
 }());
+EntityRecognizer.dateExp = /^\d{4}-\d{2}-\d{2}/i;
+EntityRecognizer.yesExp = /^(1|y|yes|yep|sure|ok|true)(\W|$)/i;
+EntityRecognizer.noExp = /^(2|n|no|nope|not|false)(\W|$)/i;
+EntityRecognizer.numberExp = /[+-]?(?:\d+\.?\d*|\d*\.?\d+)/;
+EntityRecognizer.ordinalWords = 'first|second|third|fourth|fifth|sixth|seventh|eigth|ninth|tenth';
 exports.EntityRecognizer = EntityRecognizer;

Node/core/lib/dialogs/PromptRecognizers.js

@@ -263,11 +263,11 @@ var PromptRecognizers = (function () {
         if (min === void 0) { min = 0.5; }
         return Math.min(min + (entity.length / utterance.length), max);
     };
-    PromptRecognizers.numOrdinals = {};
-    PromptRecognizers.expCache = {};
-    PromptRecognizers.choiceCache = {};
     return PromptRecognizers;
 }());
+PromptRecognizers.numOrdinals = {};
+PromptRecognizers.expCache = {};
+PromptRecognizers.choiceCache = {};
 exports.PromptRecognizers = PromptRecognizers;
 function matchAll(exp, text) {
     exp.lastIndex = 0;

Node/core/package.json

@@ -2,7 +2,7 @@
   "name": "botbuilder",
   "author": "Microsoft Corp.",
   "description": "Bot Builder is a dialog system for building rich bots on virtually any platform.",
-  "version": "3.10.2",
+  "version": "3.10.5",
   "license": "MIT",
   "keywords": [
     "botbuilder",