Skip to content

Replace CloudEnvironment with MSAL-aligned Instance property for sovereign cloud support #357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Copilot wants to merge 5 commits into
base: feature/sovereign-cloud-support
Choose a base branch
from
+190 −472
Draft

Replace CloudEnvironment with MSAL-aligned Instance property for sovereign cloud support #357

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d86d2a7
Initial plan
Copilot Feb 27, 2026
80d2e86
Remove hardcoded sovereign cloud presets, use configuration-only appr…
Copilot Feb 27, 2026
c791fd7
Remove CloudEnvironment class entirely, revert to pre-PR state
Copilot Feb 27, 2026
faf2630
Add Instance property for sovereign cloud Entra ID URL configuration
Copilot Feb 27, 2026
995d56d
Address code review: use property for Instance, improve test naming
Copilot Feb 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 9 additions & 3 deletions Libraries/Microsoft.Teams.Api/Auth/ClientCredentials.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,12 @@ public class ClientCredentials : IHttpCredentials
public string ClientId { get; set; }
public string ClientSecret { get; set; }
public string? TenantId { get; set; }
public CloudEnvironment Cloud { get; set; } = CloudEnvironment.Public;

/// <summary>
/// The Entra ID login endpoint, following the Microsoft Identity Web configuration schema.
/// Override this for sovereign clouds (e.g. "https://login.microsoftonline.us" for US Gov).
/// </summary>
public string Instance { get; set; } = "https://login.microsoftonline.com";

public ClientCredentials(string clientId, string clientSecret)
{
Expand All @@ -27,9 +32,10 @@ public ClientCredentials(string clientId, string clientSecret, string? tenantId)

public async Task<ITokenResponse> Resolve(IHttpClient client, string[] scopes, CancellationToken cancellationToken = default)
{
var tenantId = TenantId ?? Cloud.LoginTenant;
var tenantId = TenantId ?? "botframework.com";
var instance = Instance.TrimEnd('/');
var request = HttpRequest.Post(
$"{Cloud.LoginEndpoint}/{tenantId}/oauth2/v2.0/token"
$"{instance}/{tenantId}/oauth2/v2.0/token"
);

request.Headers.Add("Content-Type", ["application/x-www-form-urlencoded"]);
Expand Down
175 changes: 0 additions & 175 deletions Libraries/Microsoft.Teams.Api/Auth/CloudEnvironment.cs
View file
Open in desktop

This file was deleted.

6 changes: 2 additions & 4 deletions Libraries/Microsoft.Teams.Api/Clients/BotSignInClient.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@ namespace Microsoft.Teams.Api.Clients;

public class BotSignInClient : Client
{
public string TokenServiceUrl { get; set; } = "https://token.botframework.com";

public BotSignInClient() : base()
{

Expand All @@ -33,7 +31,7 @@ public async Task<string> GetUrlAsync(GetUrlRequest request)
{
var query = QueryString.Serialize(request);
var req = HttpRequest.Get(
$"{TokenServiceUrl}/api/botsignin/GetSignInUrl?{query}"
$"https://token.botframework.com/api/botsignin/GetSignInUrl?{query}"
);

var res = await _http.SendAsync(req, _cancellationToken);
Expand All @@ -44,7 +42,7 @@ public async Task<string> GetUrlAsync(GetUrlRequest request)
{
var query = QueryString.Serialize(request);
var req = HttpRequest.Get(
$"{TokenServiceUrl}/api/botsignin/GetSignInResource?{query}"
$"https://token.botframework.com/api/botsignin/GetSignInResource?{query}"
);

var res = await _http.SendAsync<SignIn.UrlResponse>(req, _cancellationToken);
Expand Down
3 changes: 1 addition & 2 deletions Libraries/Microsoft.Teams.Api/Clients/BotTokenClient.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,8 @@ namespace Microsoft.Teams.Api.Clients;

public class BotTokenClient : Client
{
public static readonly string DefaultBotScope = "https://api.botframework.com/.default";
public static readonly string BotScope = "https://api.botframework.com/.default";
public static readonly string GraphScope = "https://graph.microsoft.com/.default";
public string BotScope { get; set; } = DefaultBotScope;

public BotTokenClient() : this(default)
{
Expand Down
12 changes: 5 additions & 7 deletions Libraries/Microsoft.Teams.Api/Clients/UserTokenClient.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@ namespace Microsoft.Teams.Api.Clients;

public class UserTokenClient : Client
{
public string TokenServiceUrl { get; set; } = "https://token.botframework.com";

private readonly JsonSerializerOptions _jsonSerializerOptions = new()
{
DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull
Expand Down Expand Up @@ -40,31 +38,31 @@ public UserTokenClient(IHttpClientFactory factory, CancellationToken cancellatio
public async Task<Token.Response> GetAsync(GetTokenRequest request)
{
var query = QueryString.Serialize(request);
var req = HttpRequest.Get($"{TokenServiceUrl}/api/usertoken/GetToken?{query}");
var req = HttpRequest.Get($"https://token.botframework.com/api/usertoken/GetToken?{query}");
var res = await _http.SendAsync<Token.Response>(req, _cancellationToken);
return res.Body;
}

public async Task<IDictionary<string, Token.Response>> GetAadAsync(GetAadTokenRequest request)
{
var query = QueryString.Serialize(request);
var req = HttpRequest.Post($"{TokenServiceUrl}/api/usertoken/GetAadTokens?{query}", body: request);
var req = HttpRequest.Post($"https://token.botframework.com/api/usertoken/GetAadTokens?{query}", body: request);
var res = await _http.SendAsync<IDictionary<string, Token.Response>>(req, _cancellationToken);
return res.Body;
}

public async Task<IList<Token.Status>> GetStatusAsync(GetTokenStatusRequest request)
{
var query = QueryString.Serialize(request);
var req = HttpRequest.Get($"{TokenServiceUrl}/api/usertoken/GetTokenStatus?{query}");
var req = HttpRequest.Get($"https://token.botframework.com/api/usertoken/GetTokenStatus?{query}");
var res = await _http.SendAsync<IList<Token.Status>>(req, _cancellationToken);
return res.Body;
}

public async Task SignOutAsync(SignOutRequest request)
{
var query = QueryString.Serialize(request);
var req = HttpRequest.Delete($"{TokenServiceUrl}/api/usertoken/SignOut?{query}");
var req = HttpRequest.Delete($"https://token.botframework.com/api/usertoken/SignOut?{query}");
await _http.SendAsync(req, _cancellationToken);
}

Expand All @@ -81,7 +79,7 @@ public async Task SignOutAsync(SignOutRequest request)
// This is required for the Bot Framework Token Service to process the request correctly.
var body = JsonSerializer.Serialize(request.GetBody(), _jsonSerializerOptions);

var req = HttpRequest.Post($"{TokenServiceUrl}/api/usertoken/exchange?{query}", body);
var req = HttpRequest.Post($"https://token.botframework.com/api/usertoken/exchange?{query}", body);
req.Headers.Add("Content-Type", new List<string>() { "application/json" });

var res = await _http.SendAsync<Token.Response>(req, _cancellationToken);
Expand Down
7 changes: 1 addition & 6 deletions Libraries/Microsoft.Teams.Apps/App.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,8 +51,6 @@ internal string UserAgent

public App(AppOptions? options = null)
{
var cloud = options?.Cloud ?? CloudEnvironment.Public;

Logger = options?.Logger ?? new ConsoleLogger();
Storage = options?.Storage ?? new LocalStorage<object>();
Credentials = options?.Credentials;
Expand All @@ -79,7 +77,7 @@ public App(AppOptions? options = null)

if (Token.IsExpired)
{
var res = Credentials.Resolve(TokenClient, [.. Token.Scopes.DefaultIfEmpty(cloud.BotScope)])
var res = Credentials.Resolve(TokenClient, [.. Token.Scopes.DefaultIfEmpty(BotTokenClient.BotScope)])
.ConfigureAwait(false)
.GetAwaiter()
.GetResult();
Expand All @@ -92,9 +90,6 @@ public App(AppOptions? options = null)
};

Api = new ApiClient("https://smba.trafficmanager.net/teams/", Client);
Api.Bots.Token.BotScope = cloud.BotScope;
Api.Bots.SignIn.TokenServiceUrl = cloud.TokenServiceUrl;
Api.Users.Token.TokenServiceUrl = cloud.TokenServiceUrl;
Container = new Container();
Container.Register(Logger);
Container.Register(Storage);
Expand Down
2 changes: 0 additions & 2 deletions Libraries/Microsoft.Teams.Apps/AppOptions.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

using Microsoft.Teams.Api.Auth;
using Microsoft.Teams.Apps.Plugins;

namespace Microsoft.Teams.Apps;
Expand All @@ -16,7 +15,6 @@ public class AppOptions
public Common.Http.IHttpCredentials? Credentials { get; set; }
public IList<IPlugin> Plugins { get; set; } = [];
public OAuthSettings OAuth { get; set; } = new OAuthSettings();
public CloudEnvironment? Cloud { get; set; }

public AppOptions()
{
Expand Down
Loading