microsoft/teams.net

Public

mirrored from https://github.com/microsoft/teams.netAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
samples/repro-da

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/TeamsValidationSettings.cs

66lines · modecode

1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the MIT License.
3
4using Microsoft.Teams.Api.Auth;
5
6namespace Microsoft.Teams.Plugins.AspNetCore.Extensions;
7
8public class TeamsValidationSettings
9{
10 public string OpenIdMetadataUrl;
11 public List<string> Audiences = [];
12 public List<string> Issuers;
13 public string LoginEndpoint;
14
15 public TeamsValidationSettings() : this(CloudEnvironment.Public)
16 {
17 }
18
19 public TeamsValidationSettings(CloudEnvironment cloud)
20 {
21 LoginEndpoint = cloud.LoginEndpoint;
22 OpenIdMetadataUrl = cloud.OpenIdMetadataUrl;
23 Issuers = [
24 cloud.TokenIssuer,
25 "https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/", // Emulator Auth v3.1, 1.0 token
26 "https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0", // Emulator Auth v3.1, 2.0 token
27 "https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/", // Emulator Auth v3.2, 1.0 token
28 "https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0", // Emulator Auth v3.2, 2.0 token
29 "https://sts.windows.net/69e9b82d-4842-4902-8d1e-abc5b98a55e8/", // Copilot Auth v1.0 token
30 "https://login.microsoftonline.com/69e9b82d-4842-4902-8d1e-abc5b98a55e8/v2.0", // Copilot Auth v2.0 token
31 ];
32 }
33
34 public void AddDefaultAudiences(string ClientId)
35 {
36 if (ClientId is not null && !Audiences.Contains(ClientId))
37 Audiences.Add(ClientId);
38
39 var apiAudience = $"api://{ClientId}";
40 if (ClientId is not null && !Audiences.Contains(apiAudience))
41 Audiences.Add(apiAudience);
42 }
43
44 public IEnumerable<string> GetValidIssuersForTenant(string? tenantId)
45 {
46 var validIssuers = new List<string>();
47 if (!string.IsNullOrEmpty(tenantId))
48 {
49 validIssuers.Add($"{LoginEndpoint}/{tenantId}/");
50 }
51 else
52 {
53 // When no tenant ID is configured, issuer validation will be skipped.
54 // This accepts tokens from any Azure AD tenant.
55 System.Diagnostics.Trace.TraceWarning(
56 "No tenant ID provided for Entra token validation. " +
57 "Issuer validation will be skipped, accepting tokens from any tenant.");
58 }
59 return validIssuers;
60 }
61
62 public string GetTenantSpecificOpenIdMetadataUrl(string? tenantId)
63 {
64 return $"{LoginEndpoint}/{tenantId ?? "common"}/v2.0/.well-known/openid-configuration";
65 }
66}