class BotFramework::TokenValidator

Constants

OPEN_ID_CONFIG_URI

Attributes

errors[RW]
headers[RW]

Public Class Methods

# File lib/bot_framework/token_validator.rb, line 8
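# Builds a validator for one incoming request.
#
# @param headers [#[]] the request headers; only 'Authorization' is read
#
# `errors` starts as an empty list: the validations append to it with `<<`,
# and as far as this page shows nothing else assigns it, so without this
# default the first failing check would hit a nil receiver. The attribute
# stays writable, so a caller-supplied list still replaces the default.
def initialize(headers)
  @headers = headers
  @errors = []
end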

Public Instance Methods

# File lib/bot_framework/token_validator.rb, line 12
# Runs the Bot Framework checks in order and stops at the first one that
# fails; each check records its own message in `errors`.
#
# The fold keeps the short-circuit of an `&&` chain: once a check returns a
# falsy value that value is carried through unchanged and no later check runs.
#
# @return [Object] the last check's result when all pass, else the first falsy result
def valid?
  checks = %i[valid_header? valid_jwt? valid_iss? valid_audience? valid_token? valid_signature?]
  checks.reduce(true) { |passed_so_far, check| passed_so_far && send(check) }
end

Private Instance Methods

# File lib/bot_framework/token_validator.rb, line 39
# The raw Authorization header of the request.
#
# `headers` is only ever indexed with `[]` here, so a Hash or any hash-like
# object works.
#
# @return [String, nil] the header value, or nil when the request has none
def auth_header
  header_value = headers['Authorization']
  header_value
end
# File lib/bot_framework/token_validator.rb, line 31
# Location of the JSON Web Key Set, taken from the OpenID configuration.
#
# `open_id_config` performs its HTTP request on every call, so this value is
# fetched afresh each time it is asked for.
#
# @return [String, nil] the 'jwks_uri' entry of the configuration document
def jwks_uri
  config = open_id_config
  config['jwks_uri']
end
# File lib/bot_framework/token_validator.rb, line 27
# Downloads and parses the OpenID configuration document.
#
# One network round-trip per call; no caching is visible on this page, so
# every validation that needs the key set pays for the request again.
#
# @return [Hash] the parsed JSON body served at OPEN_ID_CONFIG_URI
def open_id_config
  response = self.class.get(OPEN_ID_CONFIG_URI)
  JSON.parse(response.body)
end
# File lib/bot_framework/token_validator.rb, line 43
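# The bearer token carried by the Authorization header, scheme removed.
#
# The pattern is anchored to the start of the value so only the leading
# "Bearer" scheme and the whitespace after it are dropped; an unanchored
# `gsub` would also rewrite that text wherever else it appeared, and a
# header with two spaces after the scheme would keep a leading space.
#
# @return [String] the token part of the header (unchanged if no scheme is present)
def token
  auth_header.sub(/\ABearer\s+/, '')
end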
# File lib/bot_framework/token_validator.rb, line 70
# Checks the `aud` claim against the audiences this bot accepts.
#
# The payload is read without verification here; the signature is checked in
# its own step.
# NOTE(review): besides the bot's own App ID, the Graph audience is accepted
# as well, so a token minted for that audience also passes this check —
# confirm that is intended, since `aud` is what binds a token to this bot.
#
# @return [Boolean] true when the audience is one of the accepted values
def valid_audience?
  # The token contains an audience claim with a value equivalent to your bot’s Microsoft App ID.
  payload, = JWT.decode(token, nil, false)
  audience = payload['aud']
  accepted_audiences = ['https://graph.microsoft.com', BotFramework.connector.app_id]
  ok = accepted_audiences.include?(audience)
  errors << 'Invalid audience' unless ok
  ok
end
# File lib/bot_framework/token_validator.rb, line 47
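# Checks that the request carries an Authorization header using the Bearer scheme.
#
# `&&` rather than `and`: `and` binds looser than `=`, so
# `condition = auth_header and ...` assigned the whole header value to
# `condition` before the scheme was looked at, and any non-empty header
# (e.g. a Basic one) counted as valid.
#
# @return [Boolean, nil] true for a Bearer header, false for another scheme,
#   nil when the header is missing; a message is added to `errors` on failure
def valid_header?
  # The token was sent in the HTTP Authorization header with "Bearer" scheme
  condition = auth_header && auth_header.start_with?('Bearer')
  errors << 'Invalid headers' unless condition
  condition
end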
# File lib/bot_framework/token_validator.rb, line 62
# Checks the `iss` claim against the issuers this validator trusts.
#
# The payload is read without verification here; the signature is checked in
# its own step. The issuer list is fixed in code: the Bot Framework issuer
# and one Azure AD tenant (`sts.windows.net/<tenant-id>/`).
#
# @return [Boolean] true when the issuer is trusted; otherwise the offending
#   issuer is recorded in `errors`
def valid_iss?
  # The token contains an issuer claim with value of https://api.botframework.com
  trusted_issuers = [
    'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/',
    'https://api.botframework.com'
  ]
  payload, = JWT.decode(token, nil, false)
  issuer = payload['iss']
  ok = trusted_issuers.include?(issuer)
  errors << "Invalid iss #{issuer}" unless ok
  ok
end

Validations

# File lib/bot_framework/token_validator.rb, line 55
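# Checks that the token parses as a JWT at all.
#
# Decoded without verification: only the structure matters at this point;
# issuer, audience, expiry and signature each have their own check.
# A malformed token makes ruby-jwt raise `JWT::DecodeError` rather than
# return nil, so that error is rescued and recorded here instead of escaping
# from `valid?` as an exception.
#
# @return [Array, false] the decoded [payload, header] pair on success, false otherwise
def valid_jwt?
  # The token is valid JSON that conforms to the JWT standard (see references)
  condition = JWT.decode(token, nil, false)
  errors << 'Invalid jwt' unless condition
  condition
rescue JWT::DecodeError
  errors << 'Invalid jwt'
  false
end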
# File lib/bot_framework/token_validator.rb, line 35
# Downloads the JSON Web Key Set and returns its `keys` entries.
#
# Performs an HTTP request on every call (and `jwks_uri` itself triggers the
# OpenID configuration request first).
#
# @return [Array<Hash>, nil] the 'keys' array of the JWKS document
def valid_keys
  document = JSON.parse(self.class.get(jwks_uri).body)
  document['keys']
end
# File lib/bot_framework/token_validator.rb, line 84
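# Verifies the token's signature against the published JWK set.
#
# A stub that returned true unconditionally meant every other check ran on
# claims nobody had proven authentic; this step makes the claims trustworthy.
# ruby-jwt is given the key set from `valid_keys` via its `jwks:` option and
# selects the key by the token's `kid` header (requires ruby-jwt >= 2.2 —
# TODO confirm against the project's lockfile). Key hashes are symbolised
# because the parsed JSON document uses string keys.
# The accepted algorithm list is pinned so a token naming "none" or an HMAC
# algorithm cannot pass; RS256 is assumed to be what Bot Framework signs
# with — TODO confirm.
# `exp_leeway` mirrors the 5-minute clock skew allowed in the expiry check,
# since verification also evaluates the `exp` claim.
#
# @return [Boolean] true when the signature verifies; otherwise the reason is
#   recorded in `errors`
def valid_signature?
  # The token has a valid cryptographic signature with a key listed in the OpenId keys document retrieved in step 1, above.
  key_set = valid_keys.map do |jwk|
    jwk.each_with_object({}) { |(name, value), symbolised| symbolised[name.to_sym] = value }
  end
  JWT.decode(token, nil, true, { algorithms: ['RS256'], jwks: { keys: key_set }, exp_leeway: 300 })
  true
rescue JWT::DecodeError => e
  errors << "Invalid signature: #{e.message}"
  false
end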
# File lib/bot_framework/token_validator.rb, line 78
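# Checks that the token has not expired, allowing 5 minutes of clock skew.
#
# A stub that returned true unconditionally accepted tokens of any age. With
# verification switched off, ruby-jwt checks neither the signature nor the
# registered claims, so `exp` (a NumericDate: seconds since the epoch) is
# compared by hand. A token without an `exp` claim is treated as expired
# rather than as valid forever.
#
# @return [Boolean] true while `exp` plus the leeway is still in the future;
#   otherwise 'Token expired' is recorded in `errors`
def valid_token?
  # The token has not yet expired. Industry-standard clock-skew is 5 minutes.
  # Should not raise JWT::ExpiredSignature
  leeway_seconds = 300
  exp = JWT.decode(token, nil, false).first['exp']
  condition = exp.is_a?(Numeric) && Time.now.to_i < exp + leeway_seconds
  errors << 'Token expired' unless condition
  condition
end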