Spaces:
Build error
Build error
File size: 1,995 Bytes
0827183 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# HowTo: Block all Skill Claims
Write a class that conforms to the `ValidateClaims` interface and throws an exception if the claims are skill claims:
```python
class AllowedSkillsClaimsValidator:
config_key = "ALLOWED_CALLERS"
def __init__(self, config: DefaultConfig):
if not config:
raise TypeError(
"AllowedSkillsClaimsValidator: config object cannot be None."
)
# ALLOWED_CALLERS is the setting in config.py file
# that consists of the list of parent bot ids that are allowed to access the skill
# to add a new parent bot simply go to the AllowedCallers and add
# the parent bot's microsoft app id to the list
caller_list = getattr(config, self.config_key)
if caller_list is None:
raise TypeError(f'"{self.config_key}" not found in configuration.')
self._allowed_callers = caller_list
@property
def claims_validator(self) -> Callable[[List[Dict]], Awaitable]:
async def allow_callers_claims_validator(claims: Dict[str, object]):
if skillValidation.is_skill_claim(claims):
raise PermissionError(
"Invalid call from a skill."
)
return
return allow_callers_claims_validator
```
Update `BotFrameworkAdapter` instantiation, to pass the `AuthenticationConfiguration` constructor the function defined above:
```python
AUTH_CONFIG = AuthenticationConfiguration(
claims_validator=AllowedSkillsClaimsValidator(CONFIG).claims_validator
)
SETTINGS = BotFrameworkAdapterSettings(
...,
auth_configuration=AUTH_CONFIG,
)
ADAPTER = BotFrameworkAdapter(
...,
SETTINGS,
)
```
For SingleTenant type bots, the additional issuers must be added based on the tenant id:
```python
AUTH_CONFIG = AuthenticationConfiguration(
claims_validator=AllowedSkillsClaimsValidator(CONFIG).claims_validator,
tenant_id=the_tenant_id
)
```
|