Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JavaScript] Add Bot Authentication SNI sample bot #414

Closed

Conversation

JhontSouth
Copy link

#minor

Description

This PR adds a new sample for Javascript_nodejs that shows how to authenticate the Azure bot using the Subject Name/Issuer from MSAL.

Proposed Changes

  • Added the new sample bot-authentication-sni.
  • Added a simple bot conversation to validate the authentication.
  • Added README file with the instructions and information about the sample and how to create a SSL/TSL certificate.

Testing

This image shows the new bot-authentication-sni sample working.
image

README.md Outdated
@@ -185,6 +186,7 @@ A [collection of **experimental** samples](./experimental) exist, intended to pr
[js#81]:samples/javascript_nodejs/81.skills-skilldialog
[js#82]:samples/javascript_nodejs/82.skills-sso-cloudadapter
[js#84]:samples/javascript_nodejs/84.bot-authentication-certificate
[js#85]:samples/javascript_nodejs/84.bot-authentication-sni
Copy link

@ceciliaavila ceciliaavila Oct 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change this to the right sample number.

```

1. Then, type _Manage User Certificates_ in the Windows search bar and hit enter
2. The certificate will be in the _user certificates_ folder, under _personal_.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
2. The certificate will be in the _user certificates_ folder, under _personal_.
2. The certificate will be located in the _user certificates_ folder, under _personal_ directory.

1. Run the following command in a local PowerShell

```
$cert = New-SelfSignedCertificate -CertStoreLocation "Cert:\CurrentUser\My" -Subject "CN=sampleAppCert" -KeySpec KeyExchange

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we should use tags to let the users know which values they need to provide. For example:

Suggested change
$cert = New-SelfSignedCertificate -CertStoreLocation "Cert:\CurrentUser\My" -Subject "CN=sampleAppCert" -KeySpec KeyExchange
$cert = New-SelfSignedCertificate -CertStoreLocation "<directory-to-store-certificate>" -Subject "CN=<certificate-name>" -KeySpec KeyExchange

4. Go to the certificate location and run the following command to generate a _pem_ file:

```
OpenSSL pkcs12 -in sampleAppCert.pfx -out c:\sampleAppCert.pem –nodes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same here with the tags.

2. Under the Certificates section, hit on Generate/Import, complete the form, and create the certificate in PEM format.
3. Go to the details of the certificate that you created and enable it.
4. Download the certificate in CER format and then upload it to the Azure app registration.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add a section indicating which values to set in the bot's .env file.

"@azure/identity": "^3.3.0",
"@azure/keyvault-certificates": "^4.7.0",
"@azure/keyvault-secrets": "^4.7.0",
"botbuilder": "~4.20.0",

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we target version 4.21.0? It's not published yet, but version 4.20 doesn't contain the MSAL support this sample needs.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or maybe we should use the ^ symbol.

Comment on lines 17 to 18


Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this space is too much.

@@ -1,6 +1,4 @@
MicrosoftAppType=

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should keep the AppType at least. This should work for singletenant.

@JhontSouth
Copy link
Author

Promoted to 3914

@JhontSouth JhontSouth closed this Oct 10, 2023
@JhontSouth JhontSouth deleted the southworks/add/bot-authentication-sn+i-sample branch October 10, 2023 18:37
@JhontSouth JhontSouth restored the southworks/add/bot-authentication-sn+i-sample branch October 10, 2023 18:41
@JhontSouth JhontSouth deleted the southworks/add/bot-authentication-sn+i-sample branch October 10, 2023 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants