Teams SSO and OAuth fixes (#2226) (#2228)

* Fixed Teams SSO & OAuth

* Formatting

---------

Co-authored-by: Tracy Boehrer <[email protected]>

Author: tracyboehrer

libraries/botbuilder-adapters-slack/requirements.txt

@@ -1,4 +1,4 @@
-aiohttp==3.10.11
+aiohttp
 pyslack
 botbuilder-core==4.17.0
 slackclient

libraries/botbuilder-ai/setup.py

@@ -8,7 +8,7 @@
     "azure-cognitiveservices-language-luis==0.2.0",
     "botbuilder-schema==4.17.0",
     "botbuilder-core==4.17.0",
-    "aiohttp==3.10.11",
+    "aiohttp>=3.10,<4.0",
 ]
 
 TESTS_REQUIRES = ["aiounittest>=1.1.0"]

libraries/botbuilder-core/botbuilder/core/__init__.py

@@ -48,6 +48,7 @@
 from .user_state import UserState
 from .register_class_middleware import RegisterClassMiddleware
 from .adapter_extensions import AdapterExtensions
+from .serializer_helper import serializer_helper
 
 __all__ = [
     "ActivityHandler",
@@ -100,5 +101,6 @@
     "TurnContext",
     "UserState",
     "UserTokenProvider",
+    "serializer_helper",
     "__version__",
 ]

libraries/botbuilder-core/botbuilder/core/activity_handler.py

@@ -478,12 +478,19 @@ async def on_invoke_activity(  # pylint: disable=unused-argument
             if (
                 turn_context.activity.name
                 == SignInConstants.verify_state_operation_name
-                or turn_context.activity.name
-                == SignInConstants.token_exchange_operation_name
             ):
                 await self.on_sign_in_invoke(turn_context)
                 return self._create_invoke_response()
 
+            # This is for back-compat with previous versions of Python SDK.  This method does not
+            # exist in the C# SDK, and is not used in the Python SDK.
+            if (
+                turn_context.activity.name
+                == SignInConstants.token_exchange_operation_name
+            ):
+                await self.on_teams_signin_token_exchange(turn_context)
+                return self._create_invoke_response()
+
             if turn_context.activity.name == "adaptiveCard/action":
                 invoke_value = self._get_adaptive_card_invoke_value(
                     turn_context.activity

libraries/botbuilder-core/botbuilder/core/teams/teams_activity_handler.py

@@ -56,13 +56,6 @@ async def on_invoke_activity(self, turn_context: TurnContext) -> InvokeResponse:
             ):
                 return await self.on_teams_card_action_invoke(turn_context)
 
-            if (
-                turn_context.activity.name
-                == SignInConstants.token_exchange_operation_name
-            ):
-                await self.on_teams_signin_token_exchange(turn_context)
-                return self._create_invoke_response()
-
             if turn_context.activity.name == "fileConsent/invoke":
                 return await self.on_teams_file_consent(
                     turn_context,
@@ -250,7 +243,9 @@ async def on_teams_signin_verify_state(self, turn_context: TurnContext):
         raise _InvokeResponseException(status_code=HTTPStatus.NOT_IMPLEMENTED)
 
     async def on_teams_signin_token_exchange(self, turn_context: TurnContext):
-        raise _InvokeResponseException(status_code=HTTPStatus.NOT_IMPLEMENTED)
+        # This is for back-compat with previous versions of Python SDK.  This method does not
+        # exist in the C# SDK, and is not used in the Python SDK.
+        return await self.on_teams_signin_verify_state(turn_context)
 
     async def on_teams_file_consent(
         self,

libraries/botbuilder-core/botbuilder/core/teams/teams_sso_token_exchange_middleware.py

@@ -26,6 +26,7 @@
     StoreItem,
     TurnContext,
 )
+from botframework.connector.auth.user_token_client import UserTokenClient
 
 
 class _TokenStoreItem(StoreItem):
@@ -147,17 +148,29 @@ async def _exchanged_token(self, turn_context: TurnContext) -> bool:
         token_exchange_response: TokenResponse = None
         aux_dict = {}
         if turn_context.activity.value:
-            for prop in ["id", "connection_name", "token", "properties"]:
+            for prop in ["id", "connectionName", "token", "properties"]:
                 aux_dict[prop] = turn_context.activity.value.get(prop)
         token_exchange_request = TokenExchangeInvokeRequest(
             id=aux_dict["id"],
-            connection_name=aux_dict["connection_name"],
+            connection_name=aux_dict["connectionName"],
             token=aux_dict["token"],
             properties=aux_dict["properties"],
         )
         try:
             adapter = turn_context.adapter
-            if isinstance(turn_context.adapter, ExtendedUserTokenProvider):
+
+            user_token_client: UserTokenClient = turn_context.turn_state.get(
+                UserTokenClient.__name__, None
+            )
+            if user_token_client:
+                # If the adapter has UserTokenClient, use it to exchange the token.
+                token_exchange_response = await user_token_client.exchange_token(
+                    turn_context.activity.from_property.id,
+                    token_exchange_request.connection_name,
+                    turn_context.activity.channel_id,
+                    TokenExchangeRequest(token=token_exchange_request.token),
+                )
+            elif isinstance(turn_context.adapter, ExtendedUserTokenProvider):
                 token_exchange_response = await adapter.exchange_token(
                     turn_context,
                     self._oauth_connection_name,

libraries/botbuilder-dialogs/botbuilder/dialogs/prompts/oauth_prompt.py

@@ -341,6 +341,13 @@ async def _send_oauth_card(
                     if sign_in_resource.token_exchange_resource
                     else None
                 )
+
+                json_token_ex_post = (
+                    sign_in_resource.token_post_resource.as_dict()
+                    if sign_in_resource.token_post_resource
+                    else None
+                )
+
                 prompt.attachments.append(
                     CardFactory.oauth_card(
                         OAuthCard(
@@ -355,6 +362,7 @@ async def _send_oauth_card(
                                 )
                             ],
                             token_exchange_resource=json_token_ex_resource,
+                            token_post_resource=json_token_ex_post,
                         )
                     )
                 )

libraries/botbuilder-integration-aiohttp/botbuilder/integration/aiohttp/cloud_adapter.py

@@ -1,6 +1,8 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License.
 
+import json
+
 from typing import Awaitable, Callable, Optional
 
 from aiohttp.web import (
@@ -17,6 +19,7 @@
     Bot,
     CloudAdapterBase,
     InvokeResponse,
+    serializer_helper,
     TurnContext,
 )
 from botbuilder.core.streaming import (
@@ -102,7 +105,8 @@ async def process(
                 # Write the response, serializing the InvokeResponse
                 if invoke_response:
                     return json_response(
-                        data=invoke_response.body, status=invoke_response.status
+                        data=serializer_helper(invoke_response.body),
+                        status=invoke_response.status,
                     )
                 return Response(status=201)
             else:

libraries/botbuilder-integration-aiohttp/requirements.txt

@@ -1,4 +1,4 @@
 msrest== 0.7.*
 botframework-connector==4.17.0
 botbuilder-schema==4.17.0
-aiohttp==3.10.11
+aiohttp==3.*.*

libraries/botbuilder-integration-aiohttp/setup.py

@@ -10,7 +10,7 @@
     "botframework-connector==4.17.0",
     "botbuilder-core==4.17.0",
     "yarl>=1.8.1",
-    "aiohttp==3.10.11",
+    "aiohttp>=3.10,<4.0",
 ]
 
 root = os.path.abspath(os.path.dirname(__file__))