How to use the botframework-connector.JwtTokenValidation.validateAuthHeader function in botframework-connector

To help you get started, we’ve selected a few botframework-connector examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github microsoft / botbuilder-js / libraries / botbuilder-streaming-extensions / src / BotFrameworkStreamingAdapter.ts View on Github external
private async authenticateConnection(req: WebRequest, appId?: string, appPassword?: string, channelService?: string): Promise {
        if (!appId || !appPassword) {
            // auth is disabled
            return true;
        }

        try {
            let authHeader: string = req.headers.authorization || req.headers.Authorization || '';
            let channelIdHeader: string = req.headers.channelid || req.headers.ChannelId || req.headers.ChannelID || '';
            let credentials = new MicrosoftAppCredentials(appId, appPassword);
            let credentialProvider = new SimpleCredentialProvider(credentials.appId, credentials.appPassword);
            let claims = await JwtTokenValidation.validateAuthHeader(authHeader, credentialProvider, channelService, channelIdHeader);

            return claims.isAuthenticated;
        } catch (error) {
            this.logger.log(error);

            return false;
        }
    }
github microsoft / botbuilder-js / libraries / botbuilder / src / channelServiceHandler.ts View on Github external
private async authenticate(authHeader: string): Promise {
        try {
            if (!authHeader) {
                const isAuthDisable = this.credentialProvider.isAuthenticationDisabled()
                if (isAuthDisable) {
                        // In the scenario where Auth is disabled, we still want to have the
                        // IsAuthenticated flag set in the ClaimsIdentity. To do this requires
                        // adding in an empty claim.
                        return new ClaimsIdentity([], false);
                }
            }

            return await JwtTokenValidation.validateAuthHeader(authHeader, this.credentialProvider, this.channelService, 'unknown', undefined, this.authConfig);
        }
        catch (err) {
            throw new StatusCodeError(StatusCodes.UNAUTHORIZED);
        }
    }
}
github microsoft / botbuilder-js / libraries / botbuilder / src / botFrameworkAdapter.ts View on Github external
private async authenticateConnection(req: WebRequest, channelService?: string): Promise {
        if (!this.credentials.appId) {
            // auth is disabled
            return;
        }

        const authHeader: string = req.headers.authorization || req.headers.Authorization || '';
        const channelIdHeader: string = req.headers.channelid || req.headers.ChannelId || req.headers.ChannelID || '';
        // Validate the received Upgrade request from the channel.
        const claims = await JwtTokenValidation.validateAuthHeader(authHeader, this.credentialsProvider, channelService, channelIdHeader);

        // Add serviceUrl from claim to static cache to trigger token refreshes.
        const serviceUrl = claims.getClaimValue(AuthenticationConstants.ServiceUrlClaim);
        MicrosoftAppCredentials.trustServiceUrl(serviceUrl);

        if (!claims.isAuthenticated) { throw new Error('Unauthorized Access. Request is not authorized'); }
    }
github microsoft / botbuilder-js / libraries / botframework-streaming-extensions / src / Integration / WebSocketConnector.ts View on Github external
private async authenticateConnection(req: WebRequest, appId?: string, appPassword?: string, channelService?: string): Promise {
        if (!appId || !appPassword) {
            // auth is disabled
            return true;
        }

        try {
            let authHeader: string = req.headers.authorization || req.headers.Authorization || '';
            let channelIdHeader: string = req.headers.channelid || req.headers.ChannelId || req.headers.ChannelID || '';
            let credentials = new MicrosoftAppCredentials(appId, appPassword);
            let credentialProvider = new SimpleCredentialProvider(credentials.appId, credentials.appPassword);
            let claims = await JwtTokenValidation.validateAuthHeader(authHeader, credentialProvider, channelService, channelIdHeader);

            return claims.isAuthenticated;
        } catch (error) {
            this.logger.log(error);

            return false;
        }
    }
}