
OAuthPrompt timeout doesn't work in Teams #3627

@navzam

Description


Version

4.8.0

Describe the bug

OAuthPromptSettings has a Timeout that you can set to control how much time the user has to complete the auth flow. But in Teams, the timeout doesn't work. The authentication flow succeeds and gives a token even after the timeout duration has passed.

I'm guessing this is because the timeout logic only applies on message activities, which excludes the Teams invoke activity (see OAuthPrompt.cs):

var isMessage = dc.Context.Activity.Type == ActivityTypes.Message;
var hasTimedOut = isMessage && (DateTime.Compare(DateTime.Now, expires) > 0);

To Reproduce

Steps to reproduce the behavior:

  1. Set up the Teams authentication sample (46.teams-auth)
  2. Change the OAuthPrompt timeout to a smaller value, like 60000 (1 minute)
  3. Run the sample and make the bot send the sign in card, but don't click "Sign In" yet
  4. Wait for the timeout duration (or longer for good measure)
  5. Click "Sign In" and complete the auth flow
  6. The OAuthPrompt succeeds and your bot gets a valid token

Expected behavior

I expected the OAuthPrompt to not return a token and for Azure Bot Service to not persist the token.

Screenshots

N/A

Additional context

N/A

[bug]
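The behaviour reported above, modelled as an added example that is not part of the original issue or the SDK's code: the quoted check next to a hypothetical variant that also applies the expiry to invoke activities. The `Activity` record, the method names, the constructed timeline and the `signin/verifyState` invoke name are assumptions for illustration.

```csharp
using System;

public static class OAuthTimeoutDemo
{
    // Constructed stand-in for a Bot Framework activity: only Type drives the check.
    public record Activity(string Type, string Name);

    // The check quoted in the issue: a non-message activity can never time out.
    public static bool HasTimedOutQuoted(Activity a, DateTime now, DateTime expires)
    {
        var isMessage = a.Type == "message";
        return isMessage && (DateTime.Compare(now, expires) > 0);
    }

    // Hypothetical variant: invoke activities are subject to the same expiry.
    public static bool HasTimedOutWithInvoke(Activity a, DateTime now, DateTime expires)
    {
        var canCompleteSignIn = a.Type == "message" || a.Type == "invoke";
        return canCompleteSignIn && (DateTime.Compare(now, expires) > 0);
    }

    public static void Main()
    {
        // Constructed timeline: 60000 ms timeout (step 2), user acts 90 s after the card.
        var started = new DateTime(2020, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        var expires = started.AddMilliseconds(60000);
        var now = started.AddSeconds(90);

        var arrivals = new[]
        {
            new Activity("message", null),
            new Activity("invoke", "signin/verifyState"), // assumed Teams sign-in invoke name
        };

        foreach (var a in arrivals)
        {
            Console.WriteLine($"{a.Type,-8} {a.Name,-20} " +
                              $"quoted={HasTimedOutQuoted(a, now, expires)} " +
                              $"withInvoke={HasTimedOutWithInvoke(a, now, expires)}");
        }
    }
}
```

A caller that applies the second check would also have to discard the token carried by the expired sign-in, which this sketch does not model.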

Labels

  * BF Customer Ask: "Convenience" asks made by our customers and don't accrue to any major feature
  * P1: Painful if we don't fix, won't block releasing
  * bug: Indicates an unexpected problem or an unintended behavior.
  * investigate: Needs more information in order to proceed
