Remove callerId in Auth flow as callerId shouldn't be transferred ove…

…r the wire (#2291)

* remove callerId setting and verification

* update comment

lib/csharp/microsoft.bot.builder.skills/Microsoft.Bot.Builder.Skills/SkillWebSocketBotAdapter.cs

@@ -126,6 +126,10 @@ public override async Task<ResourceResponse[]> SendActivitiesAsync(ITurnContext
                 {
                     var requestPath = $"/activities/{activity.Id}";
                     var request = StreamingRequest.CreatePost(requestPath);
+
+                    // set callerId to empty so it's not sent over the wire
+                    activity.CallerId = null;
+
                     request.SetBody(activity);
 
                     _botTelemetryClient.TrackTrace($"Sending activity. ReplyToId: {activity.ReplyToId}", Severity.Information, null);
@@ -173,6 +177,10 @@ public override async Task<ResourceResponse> UpdateActivityAsync(ITurnContext tu
         {
             var requestPath = $"/activities/{activity.Id}";
             var request = StreamingRequest.CreatePut(requestPath);
+
+            // set callerId to empty so it's not sent over the wire
+            activity.CallerId = null;
+
             request.SetBody(activity);
 
             var response = default(ResourceResponse);

lib/csharp/microsoft.bot.builder.skills/Microsoft.Bot.Builder.Skills/SkillWebSocketRequestHandler.cs

@@ -78,13 +78,8 @@ internal SkillWebSocketRequestHandler(ClaimsIdentity claimsIdentity, IBotTelemet
 
             var appIdClaimName = AuthHelpers.GetAppIdClaimName(_claimsIdentity);
 
-            // verify if caller id is the same as the appid in the claims
-            var appIdClaim = _claimsIdentity.Claims.FirstOrDefault(c => c.Type == appIdClaimName)?.Value;
-            if (!activity.CallerId.Equals(appIdClaim))
-            {
-                response.StatusCode = (int)HttpStatusCode.Forbidden;
-                return response;
-            }
+            // retrieve the appid and use it to populate callerId on the activity
+            activity.CallerId = _claimsIdentity.Claims.FirstOrDefault(c => c.Type == appIdClaimName)?.Value;
 
             try
             {

lib/csharp/microsoft.bot.builder.skills/Microsoft.Bot.Builder.Skills/SkillWebSocketTransport.cs

@@ -54,9 +54,6 @@ public async Task<Activity> ForwardToSkillAsync(SkillManifest skillManifest, ISe
 
             await _streamingTransportClient.ConnectAsync(headers);
 
-            // populate call id for auth purpose
-            activity.CallerId = serviceClientCredentials.MicrosoftAppId;
-
             // set recipient to the skill
             var recipientId = activity.Recipient.Id;
             activity.Recipient.Id = skillManifest.MSAappId;