Bot Framework Composer Skill Host Endpoint 401 Unauthorized

Question

I have a Bot Framework Skill written with C# which relays messages from a back end service to a Consumer Bot made with Bot Framework Composer. The Skill Bot receives the messages from the backend service on a separate controller api/message/BackendMessage.

[Route("api/message")]
[ApiController]
public class SkillBotBackendController : ControllerBase
{
   ...

When the Skill Bot receives the message, it sends it into the conversation with the Consumer Bot like this...

[HttpPost]
[Route("BackendMessage")]
public async Task PostAsync([FromBody] BackendMessage content)
{
   ...

     await _botFrameworkAdapter.ContinueConversationAsync(
         msAppId,
         conversationRec.ConversationReference,
         (ITurnContext turnContext, CancellationToken cancellationToken) =>
             turnContext.SendActivityAsync(MessageFactory.Text(backendMessage), 
                cancellationToken), default(CancellationToken));

The Consumer Bot can see all of the messages coming directly from the Skill Bot, but not the ones that the Skill Bot receives from the backend service. Here's some ngrok entries that show...

POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/e13d97b4-c715-4572-8d 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/e13d97b4-c715-4572-8d 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK

The messages that are being rejected have a different HttpContext.Request.Headers["Authorization"] token than the other ones, the audience for the accepted token has the app id of the composer bot, the audience on the rejected token is https://api.botframework.com.

Hoping there's an easy explanation and solution.

Answer 1

Thank you Microsoft for this answer:

Add this to the dialog:

private void AddOrUpdateContinuationParameters(ITurnContext turnContext)
{
    var continuationParameters = new ContinuationParameters
    {
        ClaimsIdentity = turnContext.TurnState.Get<IIdentity>(BotAdapter.BotIdentityKey),
        ConversationReference = turnContext.Activity.GetConversationReference(),
        OAuthScope = turnContext.TurnState.Get<string>(BotAdapter.OAuthScopeKey)
    };

        _continuationParametersStore.AddOrUpdate(continuationParameters.ConversationReference.Conversation.Id, continuationParameters, (_, __) => continuationParameters);
}

Change call to ContinueConversationAsync to include continuationParameters:

await _botFrameworkAdapter.ContinueConversationAsync(
          (ClaimsIdentity)continuationParameters.ClaimsIdentity,
          conversationRec.ConversationReference, 
          continuationParameters.OAuthScope, 
          (ITurnContext turnContext, CancellationToken cancellationToken) => turnContext.SendActivityAsync(MessageFactory.Text(backendMessage), cancellationToken),
          default);