Bot Framework Composer Skill Host Endpoint 401 Unauthorized

Question

. 。 Answers to this question are eligible for a +100 reputation bounty. TrevorBrooks is looking for an : 寻找：

I need an actual solution and not a workaround.

I have a Bot Framework Skill written with C# which relays messages from a back end service to a Consumer Bot made with Bot Framework Composer. The Skill Bot receives the messages from the backend service on a separate controller api/message/BackendMessage.

[Route("api/message")]
[ApiController]
public class SkillBotBackendController : ControllerBase
{
   ...

When the Skill Bot receives the message, it sends it into the conversation with the Consumer Bot like this...

[HttpPost]
[Route("BackendMessage")]
public async Task PostAsync([FromBody] BackendMessage content)
{
   ...

     await _botFrameworkAdapter.ContinueConversationAsync(
         msAppId,
         conversationRec.ConversationReference,
         (ITurnContext turnContext, CancellationToken cancellationToken) =>
             turnContext.SendActivityAsync(MessageFactory.Text(backendMessage), 
                cancellationToken), default(CancellationToken));

The Consumer Bot can see all of the messages coming directly from the Skill Bot, but not the ones that the Skill Bot receives from the backend service . Here's some ngrok entries that show...

POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/e13d97b4-c715-4572-8d 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/e13d97b4-c715-4572-8d 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK

The messages that are being rejected have a different HttpContext.Request.Headers["Authorization"] token than the other ones, the audience for the accepted token has the app id of the composer bot, the audience on the rejected token is https://api.botframework.com .

Hoping there's an easy explanation and solution.

Answer 1

Thank you Microsoft for this answer:

Add this to the dialog:

private void AddOrUpdateContinuationParameters(ITurnContext turnContext)
{
    var continuationParameters = new ContinuationParameters
    {
        ClaimsIdentity = turnContext.TurnState.Get<IIdentity>(BotAdapter.BotIdentityKey),
        ConversationReference = turnContext.Activity.GetConversationReference(),
        OAuthScope = turnContext.TurnState.Get<string>(BotAdapter.OAuthScopeKey)
    };

        _continuationParametersStore.AddOrUpdate(continuationParameters.ConversationReference.Conversation.Id, continuationParameters, (_, __) => continuationParameters);
}

Change call to ContinueConversationAsync to include continuationParameters:

await _botFrameworkAdapter.ContinueConversationAsync(
          (ClaimsIdentity)continuationParameters.ClaimsIdentity,
          conversationRec.ConversationReference, 
          continuationParameters.OAuthScope, 
          (ITurnContext turnContext, CancellationToken cancellationToken) => turnContext.SendActivityAsync(MessageFactory.Text(backendMessage), cancellationToken),
          default);