Can't connect to Single Tenant Bot from Bot Emulator - 401: Unauthorized

[sainath-reddy-gnv]

Version

latest

Describe the bug

We see following error when connecting to Bot with Single Tenant configuration.

Exception has occurred: HTTPUnauthorized
Unauthorized
PermissionError: Unauthorized. No valid identity.

During handling of the above exception, another exception occurred:

  File "D:\git\BotBuilder-Samples\samples\python\02.echo-bot\app.py", line 64, in messages
    return await ADAPTER.process(req, BOT)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\git\BotBuilder-Samples\samples\python\02.echo-bot\app.py", line 72, in <module>
    web.run_app(APP, host="localhost", port=CONFIG.PORT)
aiohttp.web_exceptions.HTTPUnauthorized: Unauthorized

To Reproduce

Steps to reproduce the behavior:

1. Run the Echo Bot Sample with the configuration below in config.py:

    PORT = 3978
    APP_ID = os.environ.get("MicrosoftAppId", "<Microsoft App ID>")
    APP_PASSWORD = os.environ.get("MicrosoftAppPassword", "<Microsoft App password>")
    APP_TYPE = os.environ.get("MicrosoftAppType", "SingleTenant")
    APP_TENANTID = os.environ.get("MicrosoftAppTenantId", "<Tenant ID>")

2. Run Bot Framework Emulator and call the bot by passing Microsoft App ID, Microsoft App password, Tenant ID configured in the config.py file in the bot.

Expected behavior

Emulator should connect to bots created with Single Tenant Configuration

Additional context

The issue is happening because issuer validation is failing in the bot because bot is not taking following issuers into account

"iss": "https://sts.windows.net/TENANT_ID/"

[tracyboehrer]

@axelsrz I've been chatting with sainath via Teams around this. But we should chat about this concerning Agents SDK Python.

[ColineJumeaux]

@tracyboehrer Any update on this? We are facing the same problem since having to switch to single tenant bots

[null-crafter]

Having the same problem as we switched from multitenant to single tenant.