microsoft / botbuilder-dotnet

Welcome to the Bot Framework SDK for .NET repository, which is the home for the libraries and packages that enable developers to build sophisticated bot applications using .NET.
https://github.com/Microsoft/botframework
MIT License
878 stars, 484 forks

FederatedAppCredentials and factory (DO NOT MERGE) #6829

Closed tracyboehrer closed 3 months ago

tracyboehrer commented 3 months ago

Fixes #6828

1) Deploy multi or single tenant bot (e.g., ARM templates or manually)
2) Create ManagedIdentity, record the Client ID and the Object ID
3) Add ManagedIdentity to the App Service "Identity" tab
4) In App Registration, under "Certificates & secrets", add a new Federated Credential
   1) Scenario is "Other issuer"
   2) Issuer: "https://login.microsoftonline.com/{tenantId}/v2.0"
   3) Subject: {msi-object-id}
5) In appsettings, update:

In Startup.cs, add:

services.AddSingleton<ServiceClientCredentialsFactory>(
    new FederatedServiceClientCredentialsFactory(_configuration["MicrosoftAppId"], _configuration["MicrosoftAppClientId"], _configuration["MicrosoftAppTenantId"]));

There will need to be a follow-on PR/commit to integrate this with ConfigurationServiceClientCredentialFactory to make it config based.
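An added example, not part of this PR or the SDK: a diagnostic that decodes a managed-identity token's payload and compares its `iss` and `sub` claims with the Issuer and Subject entered in step 4 of the description above. The function names and sample GUIDs are constructed for illustration, and the exact-match comparison is an assumption of this example.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string for the demo (not a real token)."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "c2ln"])


def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_federation(jwt: str, tenant_id: str, msi_object_id: str) -> list:
    """Compare token claims with the Issuer/Subject entered in step 4."""
    claims = decode_claims(jwt)
    expected = {
        "iss": f"https://login.microsoftonline.com/{tenant_id}/v2.0",
        "sub": msi_object_id,
    }
    problems = []
    for name, want in expected.items():
        got = claims.get(name)
        if got == want:
            continue
        # Assumption of this example: the match must be exact, so flag near misses.
        near = isinstance(got, str) and got.rstrip("/").lower() == want.rstrip("/").lower()
        hint = " (differs only by case or trailing slash)" if near else ""
        problems.append(f"{name}: expected {want!r}, got {got!r}{hint}")
    return problems


# Constructed sample values, not taken from any real tenant.
TENANT = "11111111-1111-1111-1111-111111111111"
MSI_OID = "2222aaaa-2222-2222-2222-222222222222"
SAMPLE = make_sample_token(
    {"iss": f"https://login.microsoftonline.com/{TENANT}/v2.0", "sub": MSI_OID})

if __name__ == "__main__":
    print(check_federation(SAMPLE, TENANT, MSI_OID) or "issuer and subject match")
```

An empty list means the token's issuer and subject line up with the federated credential; each entry otherwise names the claim that differs.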