Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
public async createConnectorClientWithIdentity(serviceUrl: string, identity: ClaimsIdentity): Promise {
if (!identity) {
throw new Error('BotFrameworkAdapter.createConnectorClientWithScope(): invalid identity parameter.');
}
const botAppId = identity.getClaimValue(AuthenticationConstants.AudienceClaim) ||
identity.getClaimValue(AuthenticationConstants.AppIdClaim);
// Anonymous claims and non-skill claims should fall through without modifying the scope.
let credentials: AppCredentials = this.credentials;
// If the request is for skills, we need to create an AppCredentials instance with
// the correct scope for communication between the caller and the skill.
if (botAppId && SkillValidation.isSkillClaim(identity.claims)) {
const scope = JwtTokenValidation.getAppIdFromClaims(identity.claims);
if (this.credentials.oAuthScope === scope) {
// Do nothing, the current credentials and its scope are valid for the skill.
// i.e. the adatper instance is pre-configured to talk with one skill.
} else {
// Since the scope is different, we will create a new instance of the AppCredentials
// so this.credentials.oAuthScope isn't overridden.
credentials = await this.buildCredentials(botAppId, scope);