SSO: AttributeError: 'CloudAdapter' object has no attribute 'exchange_token'

[sarhaang]

Version

Installed using instructions 'Using the SDK locally` in README

Describe the bug

SSO for singe tenant with Cloud Adapter does not work in Teams web/desktop client. Works in Web Chat.

To Reproduce

Steps to reproduce the behavior:

1. Install the repo
2. Enable SSO using https://learn.microsoft.com/en-us/microsoftteams/platform/sbs-bots-with-sso?source=recommendations&tabs=ngrok&tutorial-step=4
3. Upload Manifest and try sending a message to the bot

Expected behavior

SSO was working as of last week but is not working anymore. There was a bot infra outage a few days ago that caused an error when uploading manifest.json on the web/desktop app. Could it be related to that?

Additional context

Fails here:

 elif not getattr(context.adapter, "exchange_token"):
                # Token Exchange not supported in the adapter.
                await context.send_activity(
                    self._get_token_exchange_invoke_response(
                        int(HTTPStatus.BAD_GATEWAY),
                        "The bot's BotAdapter does not support token exchange operations."
                        " Ensure the bot's Adapter supports the ExtendedUserTokenProvider interface.",
                    )
                )

in botbuilder-python/libraries/botbuilder-dialogs/botbuilder/dialogs/prompts/oauth_prompt.py

[tracyboehrer]

Ya. This is a bug. Looks to be missing the equivalent implementation as JS and DotNet SDK's, or even the 'exchange_token' on CloudAdapter as the Python BotFrameworkAdapter has.

[tracyboehrer]

Correction notes:

OAuthPrompt, block starting at line 480 (mentioned above) should likely be removed. This appears to be code for the original implementation. The 'else' statement matches DotNet which uses a UserTokenAccess object to make the correct call for new vs old adapter.

However, UserTokenAccess should be reviewed, especially around TurnState having had a UserTokenClient set.