From 7340f91fd0038a92da5d1a78267d44ba9d71ca58 Mon Sep 17 00:00:00 2001 From: CeciliaAvila Date: Thu, 27 May 2021 15:30:13 -0300 Subject: [PATCH 1/2] Fix validation order for anonymous skill claims. --- .../botframework/connector/auth/skill_validation.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libraries/botframework-connector/botframework/connector/auth/skill_validation.py b/libraries/botframework-connector/botframework/connector/auth/skill_validation.py index c868d6f62..fb3f7a1a8 100644 --- a/libraries/botframework-connector/botframework/connector/auth/skill_validation.py +++ b/libraries/botframework-connector/botframework/connector/auth/skill_validation.py @@ -65,15 +65,15 @@ def is_skill_claim(claims: Dict[str, object]) -> bool: :param claims: A dict of claims. :return bool: """ - if AuthenticationConstants.VERSION_CLAIM not in claims: - return False - if ( claims.get(AuthenticationConstants.APP_ID_CLAIM, None) == AuthenticationConstants.ANONYMOUS_SKILL_APP_ID ): return True + if AuthenticationConstants.VERSION_CLAIM not in claims: + return False + audience = claims.get(AuthenticationConstants.AUDIENCE_CLAIM) # The audience is https://api.botframework.com and not an appId. From 484af093a9e43fc33074410dc315ec0166694783 Mon Sep 17 00:00:00 2001 From: CeciliaAvila Date: Thu, 27 May 2021 17:01:07 -0300 Subject: [PATCH 2/2] Fix test --- libraries/botframework-connector/tests/test_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/botframework-connector/tests/test_auth.py b/libraries/botframework-connector/tests/test_auth.py index 4e5c94745..a13f433ef 100644 --- a/libraries/botframework-connector/tests/test_auth.py +++ b/libraries/botframework-connector/tests/test_auth.py @@ -59,7 +59,7 @@ class TestAuth: @pytest.mark.asyncio async def test_claims_validation(self): - claims: List[Dict] = [] + claims: List[Dict] = {} default_auth_config = AuthenticationConfiguration() # No validator should pass.