From 23c16dcbcf2e6bc939080f9848b4bf2cfca0a9f1 Mon Sep 17 00:00:00 2001
From: Cecilia Avila <44245136+ceciliaavila@users.noreply.github.com>
Date: Wed, 24 Jan 2024 14:43:12 +0000
Subject: [PATCH] fix: [#4582] UserAssignedIdentity(WorkloadIdentity) auth fails with 'scope https://api.botframework.com is not valid' (#4607)

* Add scope post-fix in managedIdentityAuthenticator.
* Fix unit test
---
 .../src/auth/managedIdentityAuthenticator.ts | 5 +++++
 .../tests/auth/managedIdentityAuthenticator.test.js | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libraries/botframework-connector/src/auth/managedIdentityAuthenticator.ts b/libraries/botframework-connector/src/auth/managedIdentityAuthenticator.ts
index ae2ae8df0a..d2ee95b333 100644
--- a/libraries/botframework-connector/src/auth/managedIdentityAuthenticator.ts
+++ b/libraries/botframework-connector/src/auth/managedIdentityAuthenticator.ts
@@ -30,6 +30,11 @@ export class ManagedIdentityAuthenticator {
 ok(resource?.trim(), 'ManagedIdentityAuthenticator.constructor(): missing resource.');
 ok(tokenProviderFactory, 'ManagedIdentityAuthenticator.constructor(): missing tokenProviderFactory.');
 
+ const scopePostfix = '/.default';
+ if (!resource.endsWith(scopePostfix)) {
+ resource = `${resource}${scopePostfix}`;
+ }
+
 this.resource = resource;
 this.tokenProvider = tokenProviderFactory.createAzureServiceTokenProvider(appId);
 }
diff --git a/libraries/botframework-connector/tests/auth/managedIdentityAuthenticator.test.js b/libraries/botframework-connector/tests/auth/managedIdentityAuthenticator.test.js
index 89d39440c2..2236e9c625 100644
--- a/libraries/botframework-connector/tests/auth/managedIdentityAuthenticator.test.js
+++ b/libraries/botframework-connector/tests/auth/managedIdentityAuthenticator.test.js
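Review bot: In the `ManagedIdentityAuthenticator` constructor hunk of `managedIdentityAuthenticator.ts`, the new `endsWith(scopePostfix)` check runs on the raw `resource`, while the guard above it only validates `resource?.trim()`. A value with trailing whitespace therefore passes the guard and has `/.default` appended after the whitespace, which would presumably be rejected as an invalid scope in the same way as the failure this commit fixes. Normalising once before the check would close that gap: `resource = resource.trim();` placed ahead of `if (!resource.endsWith(scopePostfix)) {`. A one-line comment such as `// The token provider is given a scope rather than a bare resource URI, so append '/.default' when missing.` would also help, because `this.resource` now stores a scope and any reader of that field outside this hunk may still expect the original value. The constructor begins above the hunk, so its signature and doc comment are not visible here.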
@@ -6,7 +6,7 @@ const sinon = require('sinon');
 const { JwtTokenProviderFactory, ManagedIdentityAuthenticator } = require('../../lib');
 
 const testAppId = 'foo';
-const testAudience = 'bar';
+const testAudience = 'bar/.default';
 const authResult = {
 token: '123',
 expiresOnTimestamp: 3000,
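Review bot: Changing `testAudience` to `'bar/.default'` keeps the existing assertions passing, but it means the tests only exercise the path where the suffix is already present; nothing visible here constructs the authenticator with a bare resource and checks that `/.default` is appended. Consider keeping the input as `const testAudience = 'bar';` and asserting against a separate `const expectedScope = 'bar/.default';`, plus one case whose input already ends in `/.default` to confirm the suffix is not doubled. The test bodies are outside this hunk, so whether another test already covers the append path cannot be confirmed from here.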