Updating to validate JWT tokens from the emulator

when the emulator is using tokens it retrieved from
the US Gov AAD endpoint

libraries/Microsoft.Bot.Connector/Authentication/EmulatorValidation.cs

@@ -27,7 +27,9 @@ public static class EmulatorValidation
                     "https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/",                    // Auth v3.1, 1.0 token
                     "https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0",      // Auth v3.1, 2.0 token
                     "https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/",                    // Auth v3.2, 1.0 token
-                    "https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0"       // Auth v3.2, 2.0 token
+                    "https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0",      // Auth v3.2, 2.0 token
+                    "https://sts.windows.net/cab8a31a-1906-4287-a0d8-4eef66b95f6e/",                    // Auth for US Gov, 1.0 token
+                    "https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/v2.0"        // Auth for US Gov, 2.0 token
                 },                
                 ValidateAudience = false,   // Audience validation takes place manually in code. 
                 ValidateLifetime = true,
@@ -105,12 +107,16 @@ public static bool IsTokenFromEmulator(string authHeader)
         /// <remarks>
         /// A token issued by the Bot Framework will FAIL this check. Only Emulator tokens will pass.
         /// </remarks>
-        public static async Task<ClaimsIdentity> AuthenticateEmulatorToken(string authHeader, ICredentialProvider credentials, HttpClient httpClient, string channelId)
+        public static async Task<ClaimsIdentity> AuthenticateEmulatorToken(string authHeader, ICredentialProvider credentials, IChannelProvider channelProvider, HttpClient httpClient, string channelId)
         {
+            var openIdMetadataUrl = (channelProvider != null && channelProvider.IsGovernment()) ?
+                GovernmentAuthenticationConstants.ToBotFromEmulatorOpenIdMetadataUrl :
+                AuthenticationConstants.ToBotFromEmulatorOpenIdMetadataUrl;
+
             var tokenExtractor = new JwtTokenExtractor(
                     httpClient,
                     ToBotFromEmulatorTokenValidationParameters,
-                    AuthenticationConstants.ToBotFromEmulatorOpenIdMetadataUrl,
+                    openIdMetadataUrl,
                     AuthenticationConstants.AllowedSigningAlgorithms);
 
             var identity = await tokenExtractor.GetIdentityAsync(authHeader, channelId);

libraries/Microsoft.Bot.Connector/Authentication/GovernmentAuthenticationConstants.cs

@@ -39,5 +39,10 @@ public static class GovernmentAuthenticationConstants
         /// TO BOT FROM GOVERNMANT CHANNEL: OpenID metadata document for tokens coming from MSA
         /// </summary>
         public const string ToBotFromChannelOpenIdMetadataUrl = "https://login.botframework.azure.us/v1/.well-known/openidconfiguration";
+
+        /// <summary>
+        /// TO BOT FROM GOVERNMENT EMULATOR: OpenID metadata document for tokens coming from MSA
+        /// </summary>
+        public const string ToBotFromEmulatorOpenIdMetadataUrl = "https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/v2.0/.well-known/openid-configuration";
     }
 }

libraries/Microsoft.Bot.Connector/Authentication/JwtTokenValidation.cs

@@ -75,7 +75,7 @@ public static async Task<ClaimsIdentity> ValidateAuthHeader(string authHeader, I
 
             if (usingEmulator)
             {
-                return await EmulatorValidation.AuthenticateEmulatorToken(authHeader, credentials, httpClient ?? _httpClient, channelId);
+                return await EmulatorValidation.AuthenticateEmulatorToken(authHeader, credentials, channelProvider, httpClient ?? _httpClient, channelId);
             }
             else if(channelProvider == null || channelProvider.IsPublicAzure())
             {