|
| 1 | +# HowTo: Block all Skill Claims |
| 2 | + |
| 3 | +Write a class that conforms to the `ValidateClaims` interface and throws an exception if the claims are skill claims: |
| 4 | +```python |
| 5 | +class AllowedSkillsClaimsValidator: |
| 6 | + |
| 7 | + config_key = "ALLOWED_CALLERS" |
| 8 | + |
| 9 | + def __init__(self, config: DefaultConfig): |
| 10 | + if not config: |
| 11 | + raise TypeError( |
| 12 | + "AllowedSkillsClaimsValidator: config object cannot be None." |
| 13 | + ) |
| 14 | + |
| 15 | + # ALLOWED_CALLERS is the setting in config.py file |
| 16 | + # that consists of the list of parent bot ids that are allowed to access the skill |
| 17 | + # to add a new parent bot simply go to the AllowedCallers and add |
| 18 | + # the parent bot's microsoft app id to the list |
| 19 | + caller_list = getattr(config, self.config_key) |
| 20 | + if caller_list is None: |
| 21 | + raise TypeError(f'"{self.config_key}" not found in configuration.') |
| 22 | + self._allowed_callers = caller_list |
| 23 | + |
| 24 | + @property |
| 25 | + def claims_validator(self) -> Callable[[List[Dict]], Awaitable]: |
| 26 | + async def allow_callers_claims_validator(claims: Dict[str, object]): |
| 27 | + if skillValidation.is_skill_claim(claims): |
| 28 | + raise PermissionError( |
| 29 | + "Invalid call from a skill." |
| 30 | + ) |
| 31 | + |
| 32 | + return |
| 33 | + |
| 34 | + return allow_callers_claims_validator |
| 35 | +``` |
| 36 | + |
| 37 | +Update `BotFrameworkAdapter` instantiation, to pass the `AuthenticationConfiguration` constructor the function defined above: |
| 38 | +```python |
| 39 | +AUTH_CONFIG = AuthenticationConfiguration( |
| 40 | + claims_validator=AllowedSkillsClaimsValidator(CONFIG).claims_validator |
| 41 | +) |
| 42 | +SETTINGS = BotFrameworkAdapterSettings( |
| 43 | + ..., |
| 44 | + auth_configuration=AUTH_CONFIG, |
| 45 | +) |
| 46 | +ADAPTER = BotFrameworkAdapter( |
| 47 | + ..., |
| 48 | + SETTINGS, |
| 49 | +) |
| 50 | +``` |
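Review bot: The validator returned by `claims_validator` (new lines 25-34) rejects every skill claim and never reads `self._allowed_callers`, so the `ALLOWED_CALLERS` lookup in `__init__` and the class name `AllowedSkillsClaimsValidator` suggest an allow-list that is not actually enforced. For a HowTo about blocking all skill callers, either drop the constructor's config handling and rename the class, or say in the text above the snippet that the caller list is intentionally ignored. On a plain config class, `getattr(config, self.config_key)` raises AttributeError when the setting is absent, so the `is None` check never produces its TypeError; `caller_list = getattr(config, self.config_key, None)` would. The annotation `Callable[[List[Dict]], Awaitable]` does not match the inner function's `claims: Dict[str, object]` parameter, and `skillValidation` is not imported anywhere in the snippet (the connector class is spelled `SkillValidation`, if that is what is meant).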