microsoft/teams.net
Publicmirrored from https://github.com/microsoft/teams.netAvailable
Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/TeamsValidationSettings.cs
66lines · modecode
| 1 | // Copyright (c) Microsoft Corporation. All rights reserved. |
| 2 | // Licensed under the MIT License. |
| 3 | |
| 4 | using Microsoft.Teams.Api.Auth; |
| 5 | |
| 6 | namespace Microsoft.Teams.Plugins.AspNetCore.Extensions; |
| 7 | |
| 8 | public class TeamsValidationSettings |
| 9 | { |
| 10 | public string OpenIdMetadataUrl; |
| 11 | public List<string> Audiences = []; |
| 12 | public List<string> Issuers; |
| 13 | public string LoginEndpoint; |
| 14 | |
| 15 | public TeamsValidationSettings() : this(CloudEnvironment.Public) |
| 16 | { |
| 17 | } |
| 18 | |
| 19 | public TeamsValidationSettings(CloudEnvironment cloud) |
| 20 | { |
| 21 | LoginEndpoint = cloud.LoginEndpoint; |
| 22 | OpenIdMetadataUrl = cloud.OpenIdMetadataUrl; |
| 23 | Issuers = [ |
| 24 | cloud.TokenIssuer, |
| 25 | "https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/", // Emulator Auth v3.1, 1.0 token |
| 26 | "https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0", // Emulator Auth v3.1, 2.0 token |
| 27 | "https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/", // Emulator Auth v3.2, 1.0 token |
| 28 | "https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0", // Emulator Auth v3.2, 2.0 token |
| 29 | "https://sts.windows.net/69e9b82d-4842-4902-8d1e-abc5b98a55e8/", // Copilot Auth v1.0 token |
| 30 | "https://login.microsoftonline.com/69e9b82d-4842-4902-8d1e-abc5b98a55e8/v2.0", // Copilot Auth v2.0 token |
| 31 | ]; |
| 32 | } |
| 33 | |
| 34 | public void AddDefaultAudiences(string ClientId) |
| 35 | { |
| 36 | if (ClientId is not null && !Audiences.Contains(ClientId)) |
| 37 | Audiences.Add(ClientId); |
| 38 | |
| 39 | var apiAudience = $"api://{ClientId}"; |
| 40 | if (ClientId is not null && !Audiences.Contains(apiAudience)) |
| 41 | Audiences.Add(apiAudience); |
| 42 | } |
| 43 | |
| 44 | public IEnumerable<string> GetValidIssuersForTenant(string? tenantId) |
| 45 | { |
| 46 | var validIssuers = new List<string>(); |
| 47 | if (!string.IsNullOrEmpty(tenantId)) |
| 48 | { |
| 49 | validIssuers.Add($"{LoginEndpoint}/{tenantId}/"); |
| 50 | } |
| 51 | else |
| 52 | { |
| 53 | // When no tenant ID is configured, issuer validation will be skipped. |
| 54 | // This accepts tokens from any Azure AD tenant. |
| 55 | System.Diagnostics.Trace.TraceWarning( |
| 56 | "No tenant ID provided for Entra token validation. " + |
| 57 | "Issuer validation will be skipped, accepting tokens from any tenant."); |
| 58 | } |
| 59 | return validIssuers; |
| 60 | } |
| 61 | |
| 62 | public string GetTenantSpecificOpenIdMetadataUrl(string? tenantId) |
| 63 | { |
| 64 | return $"{LoginEndpoint}/{tenantId ?? "common"}/v2.0/.well-known/openid-configuration"; |
| 65 | } |
| 66 | } |