in libraries/botframework-connector/botframework/connector/auth/skill_validation.py [0:0]
def is_skill_claim(claims: Dict[str, object]) -> bool:
"""
Checks if the given list of claims represents a skill.
:param claims: A dict of claims.
:return bool:
"""
if (
claims.get(AuthenticationConstants.APP_ID_CLAIM, None)
== AuthenticationConstants.ANONYMOUS_SKILL_APP_ID
):
return True
if AuthenticationConstants.VERSION_CLAIM not in claims:
return False
audience = claims.get(AuthenticationConstants.AUDIENCE_CLAIM)
# The audience is https://api.botframework.com and not an appId.
if (
not audience
or audience == AuthenticationConstants.TO_BOT_FROM_CHANNEL_TOKEN_ISSUER
):
return False
from .jwt_token_validation import JwtTokenValidation
app_id = JwtTokenValidation.get_app_id_from_claims(claims)
if not app_id:
return False
# Skill claims must contain and app ID and the AppID must be different than the audience.
return app_id != audience