rusty0209
diff --git a/‎libraries/botframework-connector/botframework/connector/auth/__init__.py
Lines changed: 5 additions & 2 deletions b/‎libraries/botframework-connector/botframework/connector/auth/__init__.py
Lines changed: 5 additions & 2 deletions
diff --git a/‎libraries/botframework-connector/botframework/connector/auth/authentication_configuration.py
Lines changed: 7 additions & 2 deletions b/‎libraries/botframework-connector/botframework/connector/auth/authentication_configuration.py
Lines changed: 7 additions & 2 deletions
diff --git a/‎libraries/botframework-connector/botframework/connector/auth/channel_provider.py
Lines changed: 24 additions & 0 deletions b/‎libraries/botframework-connector/botframework/connector/auth/channel_provider.py
Lines changed: 24 additions & 0 deletions
diff --git a/‎libraries/botframework-connector/botframework/connector/auth/emulator_validation.py
Lines changed: 10 additions & 5 deletions b/‎libraries/botframework-connector/botframework/connector/auth/emulator_validation.py
Lines changed: 10 additions & 5 deletions
diff --git a/‎libraries/botframework-connector/botframework/connector/auth/enterprise_channel_validation.py
Lines changed: 13 additions & 3 deletions b/‎libraries/botframework-connector/botframework/connector/auth/enterprise_channel_validation.py
Lines changed: 13 additions & 3 deletions
diff --git a/‎libraries/botframework-connector/botframework/connector/auth/jwt_token_validation.py
Lines changed: 71 additions & 39 deletions b/‎libraries/botframework-connector/botframework/connector/auth/jwt_token_validation.py
Lines changed: 71 additions & 39 deletions
diff --git a/‎libraries/botframework-connector/botframework/connector/auth/simple_channel_provider.py
Lines changed: 25 additions & 0 deletions b/‎libraries/botframework-connector/botframework/connector/auth/simple_channel_provider.py
Lines changed: 25 additions & 0 deletions
diff --git a/‎libraries/botframework-connector/botframework/connector/auth/skill_validation.py
Lines changed: 9 additions & 3 deletions b/‎libraries/botframework-connector/botframework/connector/auth/skill_validation.py
Lines changed: 9 additions & 3 deletions
@@ -9,12 +9,15 @@
 # regenerated.
 # --------------------------------------------------------------------------
 # pylint: disable=missing-docstring
-
+from .government_constants import *
+from .channel_provider import *
+from .simple_channel_provider import *
 from .microsoft_app_credentials import *
+from .claims_identity import *
 from .jwt_token_validation import *
 from .credential_provider import *
 from .channel_validation import *
 from .emulator_validation import *
 from .jwt_token_extractor import *
-from .government_constants import *
 from .authentication_constants import *
+from .authentication_configuration import *
@@ -1,9 +1,14 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License.
 
-from typing import List
+from typing import Awaitable, Callable, Dict, List
 
 
 class AuthenticationConfiguration:
-    def __init__(self, required_endorsements: List[str] = None):
+    def __init__(
+        self,
+        required_endorsements: List[str] = None,
+        claims_validator: Callable[[List[Dict]], Awaitable] = None,
+    ):
         self.required_endorsements = required_endorsements or []
+        self.claims_validator = claims_validator
@@ -0,0 +1,24 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+from abc import ABC, abstractmethod
+
+
+class ChannelProvider(ABC):
+    """
+    ChannelProvider interface. This interface allows Bots to provide their own
+    implementation for the configuration parameters to connect to a Bot.
+    Framework channel service.
+    """
+
+    @abstractmethod
+    async def get_channel_service(self) -> str:
+        raise NotImplementedError()
+
+    @abstractmethod
+    def is_government(self) -> bool:
+        raise NotImplementedError()
+
+    @abstractmethod
+    def is_public_azure(self) -> bool:
+        raise NotImplementedError()
@@ -2,6 +2,8 @@
 # Licensed under the MIT License.
 
 import asyncio
+from typing import Union
+
 import jwt
 
 from .jwt_token_extractor import JwtTokenExtractor
@@ -10,6 +12,7 @@
 from .credential_provider import CredentialProvider
 from .claims_identity import ClaimsIdentity
 from .government_constants import GovernmentConstants
+from .channel_provider import ChannelProvider
 
 
 class EmulatorValidation:
@@ -82,7 +85,7 @@ def is_token_from_emulator(auth_header: str) -> bool:
     async def authenticate_emulator_token(
         auth_header: str,
         credentials: CredentialProvider,
-        channel_service: str,
+        channel_service_or_provider: Union[str, ChannelProvider],
         channel_id: str,
     ) -> ClaimsIdentity:
         """ Validate the incoming Auth Header
@@ -101,12 +104,14 @@ async def authenticate_emulator_token(
         # pylint: disable=import-outside-toplevel
         from .jwt_token_validation import JwtTokenValidation
 
+        if isinstance(channel_service_or_provider, ChannelProvider):
+            is_gov = channel_service_or_provider.is_government()
+        else:
+            is_gov = JwtTokenValidation.is_government(channel_service_or_provider)
+
         open_id_metadata = (
             GovernmentConstants.TO_BOT_FROM_EMULATOR_OPEN_ID_METADATA_URL
-            if (
-                channel_service is not None
-                and JwtTokenValidation.is_government(channel_service)
-            )
+            if is_gov
             else Constants.TO_BOT_FROM_EMULATOR_OPEN_ID_METADATA_URL
         )
 
 
@@ -2,10 +2,12 @@
 # Licensed under the MIT License.
 
 from abc import ABC
+from typing import Union
 
 from .authentication_configuration import AuthenticationConfiguration
 from .authentication_constants import AuthenticationConstants
 from .channel_validation import ChannelValidation
+from .channel_provider import ChannelProvider
 from .claims_identity import ClaimsIdentity
 from .credential_provider import CredentialProvider
 from .jwt_token_extractor import JwtTokenExtractor
@@ -26,9 +28,13 @@ async def authenticate_channel_token(
         auth_header: str,
         credentials: CredentialProvider,
         channel_id: str,
-        channel_service: str,
+        channel_service_or_provider: Union[str, ChannelProvider],
         auth_configuration: AuthenticationConfiguration = None,
     ) -> ClaimsIdentity:
+        channel_service = channel_service_or_provider
+        if isinstance(channel_service_or_provider, ChannelProvider):
+            channel_service = await channel_service_or_provider.get_channel_service()
+
         endpoint = (
             ChannelValidation.open_id_metadata_endpoint
             if ChannelValidation.open_id_metadata_endpoint
@@ -55,11 +61,15 @@ async def authenticate_channel_token_with_service_url(
         credentials: CredentialProvider,
         service_url: str,
         channel_id: str,
-        channel_service: str,
+        channel_service_or_provider: Union[str, ChannelProvider],
         auth_configuration: AuthenticationConfiguration = None,
     ) -> ClaimsIdentity:
         identity: ClaimsIdentity = await EnterpriseChannelValidation.authenticate_channel_token(
-            auth_header, credentials, channel_id, channel_service, auth_configuration
+            auth_header,
+            credentials,
+            channel_id,
+            channel_service_or_provider,
+            auth_configuration,
         )
 
         service_url_claim: str = identity.get_claim_value(
 
@@ -1,6 +1,6 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License.
-from typing import Dict
+from typing import Dict, List, Union
 
 from botbuilder.schema import Activity
 
@@ -15,6 +15,7 @@
 from .government_constants import GovernmentConstants
 from .government_channel_validation import GovernmentChannelValidation
 from .skill_validation import SkillValidation
+from .channel_provider import ChannelProvider
 
 
 class JwtTokenValidation:
@@ -25,7 +26,7 @@ async def authenticate_request(
         activity: Activity,
         auth_header: str,
         credentials: CredentialProvider,
-        channel_service: str = "",
+        channel_service_or_provider: Union[str, ChannelProvider] = "",
     ) -> ClaimsIdentity:
         """Authenticates the request and sets the service url in the set of trusted urls.
         :param activity: The incoming Activity from the Bot Framework or the Emulator
@@ -51,7 +52,7 @@ async def authenticate_request(
         claims_identity = await JwtTokenValidation.validate_auth_header(
             auth_header,
             credentials,
-            channel_service,
+            channel_service_or_provider,
             activity.channel_id,
             activity.service_url,
         )
@@ -65,71 +66,102 @@ async def authenticate_request(
     async def validate_auth_header(
         auth_header: str,
         credentials: CredentialProvider,
-        channel_service: str,
+        channel_service_or_provider: Union[str, ChannelProvider],
         channel_id: str,
         service_url: str = None,
         auth_configuration: AuthenticationConfiguration = None,
     ) -> ClaimsIdentity:
         if not auth_header:
             raise ValueError("argument auth_header is null")
 
-        if SkillValidation.is_skill_token(auth_header):
-            return await SkillValidation.authenticate_channel_token(
-                auth_header,
-                credentials,
-                channel_service,
-                channel_id,
-                auth_configuration,
-            )
-
-        if EmulatorValidation.is_token_from_emulator(auth_header):
-            return await EmulatorValidation.authenticate_emulator_token(
-                auth_header, credentials, channel_service, channel_id
-            )
-
-        # If the channel is Public Azure
-        if not channel_service:
-            if service_url:
-                return await ChannelValidation.authenticate_channel_token_with_service_url(
+        async def get_claims() -> ClaimsIdentity:
+            if SkillValidation.is_skill_token(auth_header):
+                return await SkillValidation.authenticate_channel_token(
                     auth_header,
                     credentials,
-                    service_url,
+                    channel_service_or_provider,
                     channel_id,
                     auth_configuration,
                 )
 
-            return await ChannelValidation.authenticate_channel_token(
-                auth_header, credentials, channel_id, auth_configuration
+            if EmulatorValidation.is_token_from_emulator(auth_header):
+                return await EmulatorValidation.authenticate_emulator_token(
+                    auth_header, credentials, channel_service_or_provider, channel_id
+                )
+
+            is_public = (
+                not channel_service_or_provider
+                or isinstance(channel_service_or_provider, ChannelProvider)
+                and channel_service_or_provider.is_public_azure()
             )
+            is_gov = (
+                isinstance(channel_service_or_provider, ChannelProvider)
+                and channel_service_or_provider.is_public_azure()
+                or isinstance(channel_service_or_provider, str)
+                and JwtTokenValidation.is_government(channel_service_or_provider)
+            )
+
+            # If the channel is Public Azure
+            if is_public:
+                if service_url:
+                    return await ChannelValidation.authenticate_channel_token_with_service_url(
+                        auth_header,
+                        credentials,
+                        service_url,
+                        channel_id,
+                        auth_configuration,
+                    )
+
+                return await ChannelValidation.authenticate_channel_token(
+                    auth_header, credentials, channel_id, auth_configuration
+                )
 
-        if JwtTokenValidation.is_government(channel_service):
+            if is_gov:
+                if service_url:
+                    return await GovernmentChannelValidation.authenticate_channel_token_with_service_url(
+                        auth_header,
+                        credentials,
+                        service_url,
+                        channel_id,
+                        auth_configuration,
+                    )
+
+                return await GovernmentChannelValidation.authenticate_channel_token(
+                    auth_header, credentials, channel_id, auth_configuration
+                )
+
+            # Otherwise use Enterprise Channel Validation
             if service_url:
-                return await GovernmentChannelValidation.authenticate_channel_token_with_service_url(
+                return await EnterpriseChannelValidation.authenticate_channel_token_with_service_url(
                     auth_header,
                     credentials,
                     service_url,
                     channel_id,
+                    channel_service_or_provider,
                     auth_configuration,
                 )
 
-            return await GovernmentChannelValidation.authenticate_channel_token(
-                auth_header, credentials, channel_id, auth_configuration
-            )
-
-        # Otherwise use Enterprise Channel Validation
-        if service_url:
-            return await EnterpriseChannelValidation.authenticate_channel_token_with_service_url(
+            return await EnterpriseChannelValidation.authenticate_channel_token(
                 auth_header,
                 credentials,
-                service_url,
                 channel_id,
-                channel_service,
+                channel_service_or_provider,
                 auth_configuration,
             )
 
-        return await EnterpriseChannelValidation.authenticate_channel_token(
-            auth_header, credentials, channel_id, channel_service, auth_configuration
-        )
+        claims = await get_claims()
+
+        if claims:
+            await JwtTokenValidation.validate_claims(auth_configuration, claims.claims)
+
+        return claims
+
+    @staticmethod
+    async def validate_claims(
+        auth_config: AuthenticationConfiguration, claims: List[Dict]
+    ):
+        if auth_config and auth_config.claims_validator:
+            await auth_config.claims_validator(claims)
 
     @staticmethod
     def is_government(channel_service: str) -> bool:
 
@@ -0,0 +1,25 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+from .channel_provider import ChannelProvider
+from .government_constants import GovernmentConstants
+
+
+class SimpleChannelProvider(ChannelProvider):
+    """
+    ChannelProvider interface. This interface allows Bots to provide their own
+    implementation for the configuration parameters to connect to a Bot.
+    Framework channel service.
+    """
+
+    def __init__(self, channel_service: str = None):
+        self.channel_service = channel_service
+
+    async def get_channel_service(self) -> str:
+        return self.channel_service
+
+    def is_government(self) -> bool:
+        return self.channel_service == GovernmentConstants.CHANNEL_SERVICE
+
+    def is_public_azure(self) -> bool:
+        return not self.channel_service
@@ -2,7 +2,7 @@
 # Licensed under the MIT License.
 
 from datetime import timedelta
-from typing import Dict
+from typing import Dict, Union
 
 import jwt
 
@@ -13,6 +13,7 @@
 from .government_constants import GovernmentConstants
 from .verify_options import VerifyOptions
 from .jwt_token_extractor import JwtTokenExtractor
+from .channel_provider import ChannelProvider
 
 
 class SkillValidation:
@@ -88,7 +89,7 @@ def is_skill_claim(claims: Dict[str, object]) -> bool:
     async def authenticate_channel_token(
         auth_header: str,
         credentials: CredentialProvider,
-        channel_service: str,
+        channel_service_or_provider: Union[str, ChannelProvider],
         channel_id: str,
         auth_configuration: AuthenticationConfiguration,
     ) -> ClaimsIdentity:
@@ -99,9 +100,14 @@ async def authenticate_channel_token(
 
         from .jwt_token_validation import JwtTokenValidation
 
+        if isinstance(channel_service_or_provider, ChannelProvider):
+            is_gov = channel_service_or_provider.is_government()
+        else:
+            is_gov = JwtTokenValidation.is_government(channel_service_or_provider)
+
         open_id_metadata_url = (
             GovernmentConstants.TO_BOT_FROM_EMULATOR_OPEN_ID_METADATA_URL
-            if channel_service and JwtTokenValidation.is_government(channel_service)
+            if is_gov
             else AuthenticationConstants.TO_BOT_FROM_EMULATOR_OPEN_ID_METADATA_URL
         )