Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Bot Framework Composer Skill Host Endpoint 401 Unauthorized

I have a Bot Framework Skill written with C# which relays messages from a back end service to a Consumer Bot made with Bot Framework Composer. The Skill Bot receives the messages from the backend service on a separate controller api/message/BackendMessage.

[Route("api/message")]
[ApiController]
public class SkillBotBackendController : ControllerBase
{
   ...

When the Skill Bot receives the message, it sends it into the conversation with the Consumer Bot like this...

[HttpPost]
[Route("BackendMessage")]
public async Task PostAsync([FromBody] BackendMessage content)
{
   ...

     await _botFrameworkAdapter.ContinueConversationAsync(
         msAppId,
         conversationRec.ConversationReference,
         (ITurnContext turnContext, CancellationToken cancellationToken) =>
             turnContext.SendActivityAsync(MessageFactory.Text(backendMessage), 
                cancellationToken), default(CancellationToken));

The Consumer Bot can see all of the messages coming directly from the Skill Bot, but not the ones that the Skill Bot receives from the backend service. Here's some ngrok entries that show...

POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/e13d97b4-c715-4572-8d 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/e13d97b4-c715-4572-8d 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK

The messages that are being rejected have a different HttpContext.Request.Headers["Authorization"] token than the other ones, the audience for the accepted token has the app id of the composer bot, the audience on the rejected token is https://api.botframework.com.

Hoping there's an easy explanation and solution.

like image 848
TrevorBrooks Avatar asked Oct 06 '21 21:10

TrevorBrooks


1 Answers

Thank you Microsoft for this answer:

Add this to the dialog:

private void AddOrUpdateContinuationParameters(ITurnContext turnContext)
{
    var continuationParameters = new ContinuationParameters
    {
        ClaimsIdentity = turnContext.TurnState.Get<IIdentity>(BotAdapter.BotIdentityKey),
        ConversationReference = turnContext.Activity.GetConversationReference(),
        OAuthScope = turnContext.TurnState.Get<string>(BotAdapter.OAuthScopeKey)
    };

        _continuationParametersStore.AddOrUpdate(continuationParameters.ConversationReference.Conversation.Id, continuationParameters, (_, __) => continuationParameters);
}

Change call to ContinueConversationAsync to include continuationParameters:

await _botFrameworkAdapter.ContinueConversationAsync(
          (ClaimsIdentity)continuationParameters.ClaimsIdentity,
          conversationRec.ConversationReference, 
          continuationParameters.OAuthScope, 
          (ITurnContext turnContext, CancellationToken cancellationToken) => turnContext.SendActivityAsync(MessageFactory.Text(backendMessage), cancellationToken),
          default);
like image 199
TrevorBrooks Avatar answered Oct 19 '22 20:10

TrevorBrooks