fix: [#4582] UserAssignedIdentity(WorkloadIdentity) auth fails with '…

…scope https://api.botframework.com is not valid' (#4607) * Add scope post-fix in managedIdentityAuthenticator. * Fix unit test
microsoft · Jan 24, 2024 · 23c16dc · 23c16dc
1 parent a0e84e9
commit 23c16dc
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/libraries/botframework-connector/src/auth/managedIdentityAuthenticator.ts b/libraries/botframework-connector/src/auth/managedIdentityAuthenticator.ts
@@ -30,6 +30,11 @@ export class ManagedIdentityAuthenticator {
         ok(resource?.trim(), 'ManagedIdentityAuthenticator.constructor(): missing resource.');
         ok(tokenProviderFactory, 'ManagedIdentityAuthenticator.constructor(): missing tokenProviderFactory.');
 
+        const scopePostfix = '/.default';
+        if (!resource.endsWith(scopePostfix)) {
+            resource = `${resource}${scopePostfix}`;
+        }
+
         this.resource = resource;
         this.tokenProvider = tokenProviderFactory.createAzureServiceTokenProvider(appId);
     }

diff --git a/libraries/botframework-connector/tests/auth/managedIdentityAuthenticator.test.js b/libraries/botframework-connector/tests/auth/managedIdentityAuthenticator.test.js
@@ -6,7 +6,7 @@ const sinon = require('sinon');
 const { JwtTokenProviderFactory, ManagedIdentityAuthenticator } = require('../../lib');
 
 const testAppId = 'foo';
-const testAudience = 'bar';
+const testAudience = 'bar/.default';
 const authResult = {
     token: '123',
     expiresOnTimestamp: 3000,