[Bug]: C# - TeamsAttachmentDownloader needs updated `getAccessToken`

[corinagum]

Language

Javascript/Typescript

Version

latest

Description

Related to #1154.

In TeamsAttachmentDownloader, getAccessToken is hardcoded to encode the bot app id. However, this means that any app using a certificate will not work. We need to adjust the logic to support (e.g.) certificate-based authentication. Botbuilder already has methods that support fetching tokens, and that should be used instead. Furthermore, non-public Azure cloud scenarios will not work with getAccessToken because the method is using the hardcoded public url.

teams-ai/js/packages/teams-ai/src/TeamsAttachmentDownloader.ts

Lines 113 to 128 in 8258ca0

	private async getAccessToken(): Promise<string> {
	const headers = {
	'Content-Type': 'application/x-www-form-urlencoded'
	};
	const body = `grant_type=client_credentials&client_id=${encodeURI(
	this._options.botAppId
	)}&client_secret=${encodeURI(
	this._options.botAppPassword
	)}&scope=https%3A%2F%2Fapi.botframework.com%2F.default`;
	const token = await this._httpClient.post<JWTToken>(
	'https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token',
	body,
	{ headers }
	);
	return token.data.access_token;
	}

• Use botbuilder's access token fetcher (lookup name of class) instead of this project's getAccessToken.
• Support all Azure clouds (US Gov, DoD, etc.)

Reproduction Steps

N/A (internally filed)