Add v3.1 auth support to the emulator

src/server/botFrameworkAuthentication.ts

@@ -31,17 +31,17 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-import { getSettings, authenticationSettings } from './settings';
+import { getSettings, authenticationSettings, v30AuthenticationSettings } from './settings';
 import * as jwt from 'jsonwebtoken';
 import * as oid from './OpenIdMetadata';
 import * as Restify from 'restify';
 
 
 export class BotFrameworkAuthentication {
-    private msaOpenIdMetadata: oid.OpenIdMetadata;
+    private openIdMetadata: oid.OpenIdMetadata;
 
     constructor() {
-        this.msaOpenIdMetadata = new oid.OpenIdMetadata(authenticationSettings.msaOpenIdMetadata);
+        this.openIdMetadata = new oid.OpenIdMetadata(v30AuthenticationSettings.openIdMetadata);
     }
 
     public verifyBotFramework = (req: Restify.Request, res: Restify.Response, next: Restify.Next): void => {
@@ -57,21 +57,33 @@ export class BotFrameworkAuthentication {
         if (token) {
 
             let decoded = jwt.decode(token, { complete: true });
-            this.msaOpenIdMetadata.getKey(decoded.header.kid, key => {
+            this.openIdMetadata.getKey(decoded.header.kid, key => {
                 if (key) {
                     try {
                         let verifyOptions = {
                             jwtId: activeBot.botId,
-                            issuer: authenticationSettings.msaIssuer,
-                            audience: authenticationSettings.msaAudience,
+                            issuer: authenticationSettings.tokenIssuer,
+                            audience: authenticationSettings.tokenAudience,
                             clockTolerance: 300
                         };
 
                         jwt.verify(token, key, verifyOptions);
                     } catch (err) {
-                        res.status(401);
-                        res.end();
-                        return;
+                        try {
+                            // fall back to v3.0 token characteristics
+                            let verifyOptions = {
+                                jwtId: activeBot.botId,
+                                issuer: v30AuthenticationSettings.tokenIssuer,
+                                audience: v30AuthenticationSettings.tokenAudience,
+                                clockTolerance: 300
+                            };
+
+                            jwt.verify(token, key, verifyOptions);
+                        } catch (err2) {
+                            res.status(401);
+                            res.end();
+                            return;
+                        }
                     }
 
                     next();
@@ -90,6 +102,4 @@ export class BotFrameworkAuthentication {
             res.end();
         }
     }
-
-}
-
+}

src/server/conversationManager.ts

@@ -38,7 +38,7 @@ import { IUser } from '../types/userTypes';
 import { IConversationAccount } from '../types/accountTypes';
 import { IActivity, IConversationUpdateActivity, IMessageActivity, IContactRelationUpdateActivity, ITypingActivity } from '../types/activityTypes';
 import { uniqueId } from '../utils';
-import { dispatch, getSettings, authenticationSettings, addSettingsListener } from './settings';
+import { dispatch, getSettings, authenticationSettings, v30AuthenticationSettings, addSettingsListener } from './settings';
 import { Settings } from '../types/serverSettingsTypes';
 import * as jwt from 'jsonwebtoken';
 import * as oid from './OpenIdMetadata';
@@ -318,14 +318,15 @@ export class Conversation {
             // Refresh access token
             let opt: request.OptionsWithUrl = {
                 method: 'POST',
-                url: authenticationSettings.refreshEndpoint,
+                url: v30AuthenticationSettings.tokenEndpoint,
                 form: {
                     grant_type: 'client_credentials',
                     client_id: bot.msaAppId,
                     client_secret: bot.msaPassword,
-                    scope: authenticationSettings.refreshScope
+                    scope: v30AuthenticationSettings.tokenScope
                 }
             };
+
             request(opt, (err, response, body) => {
                 if (!err) {
                     if (body && response.statusCode < 300) {

src/server/settings.ts

@@ -142,10 +142,18 @@ export const startup = () => {
 }
 
 export const authenticationSettings = {
-    refreshEndpoint: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
-    refreshScope: 'https://graph.microsoft.com/.default',
-    msaOpenIdMetadata: 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration',
-    msaIssuer: 'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/',
-    msaAudience: 'https://graph.microsoft.com',
+    tokenEndpoint: 'https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token',
+    openIdMetadata: 'https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration',
+    tokenIssuer: 'https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/',
+    tokenAudience: 'https://api.botframework.com',
+    stateEndpoint: 'https://state.botframework.com'
+}
+
+export const v30AuthenticationSettings = {
+    tokenEndpoint: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
+    tokenScope: 'https://graph.microsoft.com/.default',
+    openIdMetadata: 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration',
+    tokenIssuer: 'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/',
+    tokenAudience: 'https://graph.microsoft.com',
     stateEndpoint: 'https://state.botframework.com'
 }