Throw UnauthorizedAccessException if IsSkillClaim and ClaimsValidator is null. (#4570)

2020-09-03 11:58:41 -07:00 · 2020-09-03 11:58:41 -07:00 · 9f8e8b1621
--- a/libraries/Microsoft.Bot.Connector/Authentication/JwtTokenValidation.cs
+++ b/libraries/Microsoft.Bot.Connector/Authentication/JwtTokenValidation.cs
@ -183,7 +183,7 @@ namespace Microsoft.Bot.Connector.Authentication
        /// <param name="authConfig">An <see cref="AuthenticationConfiguration"/> instance.</param>
        /// <param name="claims">The list of claims to validate.</param>
        /// <returns>A <see cref="Task"/> representing the asynchronous operation.</returns>
-        /// <exception cref="UnauthorizedAccessException">If the validation returns false.</exception>
+        /// <exception cref="UnauthorizedAccessException">If the validation returns false, or ClaimsValidator is null and this is a skill claim.</exception>
        internal static async Task ValidateClaimsAsync(AuthenticationConfiguration authConfig, IEnumerable<Claim> claims)
        {
            if (authConfig.ClaimsValidator != null)
@ -192,6 +192,10 @@ namespace Microsoft.Bot.Connector.Authentication
                var claimsList = claims as IList<Claim> ?? claims.ToList();
                await authConfig.ClaimsValidator.ValidateClaimsAsync(claimsList).ConfigureAwait(false);
            }
+            else if (SkillValidation.IsSkillClaim(claims))
+            {
+                throw new UnauthorizedAccessException("ClaimsValidator is required for validation of Skill Host calls.");
+            }
        }

        /// <summary>