fixUSGovSingleTenant

libraries/Microsoft.Bot.Connector/Authentication/AppCredentials.cs

@@ -74,7 +74,7 @@ public AppCredentials(string channelAuthTenant = null, HttpClient customHttpClie
         /// <value>
         /// Tenant to be used for channel authentication.
         /// </value>
-        public string ChannelAuthTenant
+        public virtual string ChannelAuthTenant
         {
             get => string.IsNullOrEmpty(AuthTenant) ? AuthenticationConstants.DefaultChannelAuthTenant : AuthTenant;
             set

libraries/Microsoft.Bot.Connector/Authentication/GovernmentAuthenticationConstants.cs

@@ -18,6 +18,18 @@ public static class GovernmentAuthenticationConstants
         /// </summary>
         public const string ToChannelFromBotLoginUrl = "https://login.microsoftonline.us/MicrosoftServices.onmicrosoft.us";
 
+        /// <summary>
+        /// TO CHANNEL FROM BOT: Login URL template string. Bot developer may specify
+        /// which tenant to obtain an access token from. By default, the channels only
+        /// accept tokens from "MicrosoftServices.onmicrosoft.us". For more details see https://aka.ms/bots/tenant-restriction.
+        /// </summary>
+        public const string ToChannelFromBotLoginUrlTemplate = "https://login.microsoftonline.us/{0}";
+
+        /// <summary>
+        /// The default tenant to acquire bot to channel token from.
+        /// </summary>
+        public const string DefaultChannelAuthTenant = "MicrosoftServices.onmicrosoft.us";
+
         /// <summary>
         /// TO GOVERNMENT CHANNEL FROM BOT: OAuth scope to request.
         /// </summary>
@@ -42,5 +54,10 @@ public static class GovernmentAuthenticationConstants
         /// TO BOT FROM GOVERNMENT EMULATOR: OpenID metadata document for tokens coming from MSA.
         /// </summary>
         public const string ToBotFromEmulatorOpenIdMetadataUrl = "https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/v2.0/.well-known/openid-configuration";
+
+        /// <summary>
+        /// TO BOT FROM GOVERNMENT AseChannel: OpenID metadata document for tokens coming from MSA.
+        /// </summary>
+        public const string ToBotFromAseChannelOpenIdMetadataUrl = "https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/v2.0/.well-known/openid-configuration";
     }
 }

libraries/Microsoft.Bot.Connector/Authentication/MicrosoftGovernmentAppCredentials.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System.Globalization;
 using System.Net.Http;
 using Microsoft.Extensions.Logging;
 
@@ -66,6 +67,18 @@ public MicrosoftGovernmentAppCredentials(string appId, string password, string t
         {
         }
 
+        /// <summary>
+        /// Gets or sets tenant to be used for channel authentication.
+        /// </summary>
+        /// <value>
+        /// Tenant to be used for channel authentication.
+        /// </value>
+        public override string ChannelAuthTenant
+        {
+            get => string.IsNullOrEmpty(AuthTenant) ? GovernmentAuthenticationConstants.DefaultChannelAuthTenant : AuthTenant;
+            set => base.ChannelAuthTenant = value;
+        }
+
         /// <summary>
         /// Gets the OAuth endpoint to use.
         /// </summary>
@@ -74,7 +87,7 @@ public MicrosoftGovernmentAppCredentials(string appId, string password, string t
         /// </value>
         public override string OAuthEndpoint
         {
-            get { return GovernmentAuthenticationConstants.ToChannelFromBotLoginUrl; }
+            get => string.Format(CultureInfo.InvariantCulture, GovernmentAuthenticationConstants.ToChannelFromBotLoginUrlTemplate, ChannelAuthTenant);
         }
     }
 }