Replace CloudEnvironment with MSAL-aligned Instance property for sovereign cloud support#357
Draft
Copilot wants to merge 5 commits intofeature/sovereign-cloud-supportfrom
Draft
Replace CloudEnvironment with MSAL-aligned Instance property for sovereign cloud support#357Copilot wants to merge 5 commits intofeature/sovereign-cloud-supportfrom
Copilot wants to merge 5 commits intofeature/sovereign-cloud-supportfrom
Conversation
8 tasks
…oach Remove static preset instances (USGov, USGovDoD, China, Public) and FromName() from CloudEnvironment. Make constructor use default parameter values matching existing public cloud defaults. Remove Cloud string property from TeamsSettings. All sovereign cloud configuration now comes from appsettings.json endpoint properties or programmatic CloudEnvironment construction. Addresses review feedback from rido-min: don't hardcode Entra URLs we don't own in the codebase. Co-authored-by: rido-min <14916339+rido-min@users.noreply.github.com>
Contributor
Author
|
Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Copilot
AI
changed the title
[WIP] Add sovereign cloud support for GCCH, DoD, and China
Remove hardcoded sovereign cloud presets, use configuration-only approach
Feb 27, 2026
Remove the CloudEnvironment class and all its usages across the codebase. Revert ClientCredentials, App, AppOptions, TeamsSettings, TeamsValidationSettings, BotTokenClient, UserTokenClient, BotSignInClient, and both HostApplicationBuilder files to their original state with hardcoded public cloud defaults. The SDK should not duplicate the configuration schema offered by MSAL/Microsoft Identity Web. Cloud endpoint configuration should follow the AzureAd configuration pattern described in the Microsoft Identity Web wiki. Co-authored-by: rido-min <14916339+rido-min@users.noreply.github.com>
Copilot
AI
changed the title
Remove hardcoded sovereign cloud presets, use configuration-only approach
Remove CloudEnvironment class — duplicates MSAL configuration
Feb 27, 2026
Follow the Microsoft Identity Web configuration schema by adding an Instance property to TeamsSettings and ClientCredentials. This allows overriding the Entra ID login endpoint for sovereign clouds (e.g., https://login.microsoftonline.us for US Gov) through appsettings.json: "Teams": { "Instance": "https://login.microsoftonline.us", "TenantId": "...", "ClientId": "...", "ClientSecret": "..." } The Instance property flows through to: - ClientCredentials.Resolve() for token acquisition - TeamsValidationSettings for issuer and OpenID metadata URLs Co-authored-by: rido-min <14916339+rido-min@users.noreply.github.com>
Co-authored-by: rido-min <14916339+rido-min@users.noreply.github.com>
Copilot
AI
changed the title
Remove CloudEnvironment class — duplicates MSAL configuration
Replace CloudEnvironment with MSAL-aligned Instance property for sovereign cloud support
Feb 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CloudEnvironmentduplicated configuration already offered by MSAL. Replaced with anInstanceproperty following the Microsoft Identity Web configuration schema.Removed
CloudEnvironmentclass and its testsCloudproperty fromAppOptions,ClientCredentials,TeamsSettingsResolveCloud()and per-endpoint override properties fromTeamsSettingsHostApplicationBuilderextensionsAdded
Instanceproperty onTeamsSettings,ClientCredentials, andTeamsValidationSettingshttps://login.microsoftonline.com(public cloud)ClientCredentialsandTeamsValidationSettingsInstance behaviorUsage
Override the Entra ID login endpoint for sovereign clouds via
appsettings.json:{ "Teams": { "Instance": "https://login.microsoftonline.us", "TenantId": "...", "ClientId": "...", "ClientSecret": "..." } }Or programmatically:
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
token.botframework.com/usr/share/dotnet/dotnet /usr/share/dotnet/dotnet exec --runtimeconfig /home/REDACTED/work/teams.net/teams.net/Tests/Microsoft.Teams.Apps.Tests/bin/Debug/net8.0/Microsoft.Teams.Apps.Tests.runtimeconfig.json --depsfile /home/REDACTED/work/teams.net/teams.net/Tests/Microsoft.Teams.Apps.Tests/bin/Debug/net8.0/Microsoft.Teams.Apps.Tests.deps.json /home/REDACTED/work/teams.net/teams.net/Tests/Microsoft.Teams.Apps.Tests/bin/Debug/net8.0/testhost.dll --port 42727 --endpoint 127.0.0.1:042727 --role client --parentprocessid 5673 --telemetryoptedin false(dns block)/usr/share/dotnet/dotnet /usr/share/dotnet/dotnet exec --runtimeconfig /home/REDACTED/work/teams.net/teams.net/Tests/Microsoft.Teams.Apps.Tests/bin/Debug/net10.0/Microsoft.Teams.Apps.Tests.runtimeconfig.json --depsfile /home/REDACTED/work/teams.net/teams.net/Tests/Microsoft.Teams.Apps.Tests/bin/Debug/net10.0/Microsoft.Teams.Apps.Tests.deps.json /home/REDACTED/work/teams.net/teams.net/Tests/Microsoft.Teams.Apps.Tests/bin/Debug/net10.0/testhost.dll --port 32931 --endpoint 127.0.0.1:032931 --role client --parentprocessid 5666 --telemetryoptedin false(dns block)If you need me to access, download, or install something from one of these locations, you can either:
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.