class BotFramework::TokenValidator
Constants
- OPEN_ID_CONFIG_URI
Attributes
errors[RW]
headers[RW]
Public Class Methods
new(headers)
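def initialize(headers)
  # headers: the incoming request headers, read by auth_header via headers['Authorization'].
  @headers = headers
  # The valid_* checks append to errors; it was never initialised, so the first
  # failed check raised NoMethodError on nil instead of recording the error.
  @errors = []
end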
Public Instance Methods
valid?()
def valid?
  # Runs every check in order. As with a plain && chain, evaluation stops at the
  # first falsy result and that value is returned, so errors only ever holds the
  # first failure.
  checks = %i[valid_header? valid_jwt? valid_iss? valid_audience? valid_token? valid_signature?]
  checks.reduce(true) { |outcome, check| outcome && send(check) }
end
Private Instance Methods
auth_header()
def auth_header
  # Raw value of the Authorization header, or nil when the header is absent.
  header_name = 'Authorization'
  headers[header_name]
end
jwks_uri()
def jwks_uri
  # Location of the JWKS document, as advertised by the OpenID configuration
  # (nil if the configuration has no 'jwks_uri' entry).
  config = open_id_config
  config['jwks_uri']
end
open_id_config()
def open_id_config
  # Fetches and parses the OpenID configuration document at OPEN_ID_CONFIG_URI.
  # NOTE(review): fetched on every call with no caching and no HTTP status check;
  # a non-JSON error body surfaces as a JSON::ParserError.
  response = self.class.get(OPEN_ID_CONFIG_URI)
  JSON.parse(response.body)
end
token()
def token
  # The bearer token with the 'Bearer ' scheme prefix stripped off.
  # Assumes valid_header? has already established that the header is present.
  scheme_prefix = 'Bearer '
  auth_header.gsub(scheme_prefix, '')
end
valid_audience?()
def valid_audience?
  # The token contains an audience claim with a value equivalent to your bot's Microsoft App ID.
  # The claims are read without verification here; the signature is checked by valid_signature?.
  claims = JWT.decode(token, nil, false).first
  aud = claims['aud']
  # NOTE(review): besides the app id, an audience of https://graph.microsoft.com is
  # accepted, so a token minted for Graph also passes this check - confirm that is intended.
  allowed_audiences = ['https://graph.microsoft.com', BotFramework.connector.app_id]
  condition = allowed_audiences.include?(aud)
  errors << 'Invalid audience' unless condition
  condition
end
valid_header?()
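def valid_header?
  # The token was sent in the HTTP Authorization header with "Bearer" scheme
  header = auth_header
  # `&&`, not `and`: `condition = a and b` assigns `a` first and evaluates `b` only
  # for its side effect, so any non-empty header used to pass regardless of scheme.
  condition = header ? header.start_with?('Bearer') : false
  errors << 'Invalid headers' unless condition
  condition
end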
valid_iss?()
def valid_iss?
  # The token contains an issuer claim with value of https://api.botframework.com
  # The claims are read without verification here; the signature is checked by valid_signature?.
  claims = JWT.decode(token, nil, false).first
  iss = claims['iss']
  # NOTE(review): one hard-coded sts.windows.net tenant issuer is trusted alongside
  # api.botframework.com; confirm that tenant is the intended one for this deployment.
  trusted_issuers = [
    'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/',
    'https://api.botframework.com'
  ]
  condition = trusted_issuers.include?(iss)
  errors << "Invalid iss #{iss}" unless condition
  condition
end
valid_jwt?()
Validations
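def valid_jwt?
  # The token is valid JSON that conforms to the JWT standard (see references)
  # JWT.decode raises JWT::DecodeError on a malformed token rather than returning
  # nil, so without the rescue 'Invalid jwt' was never recorded and the exception
  # escaped from valid?. Signature and expiry are checked by the later valid_* steps.
  JWT.decode(token, nil, false)
  true
rescue JWT::DecodeError
  errors << 'Invalid jwt'
  false
end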
valid_keys()
def valid_keys
  # Signing keys advertised by the provider's JWKS document (its 'keys' array).
  # NOTE(review): fetched on every call with no caching and no HTTP status check;
  # a non-JSON error body surfaces as a JSON::ParserError.
  response = self.class.get(jwks_uri)
  document = JSON.parse(response.body)
  document['keys']
end
valid_signature?()
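def valid_signature?
  # The token has a valid cryptographic signature with a key listed in the OpenId keys document retrieved in step 1, above.
  # This used to return true unconditionally, so any well-formed token was accepted
  # whatever its iss/aud/exp said; the claim checks are only meaningful once the
  # signature is actually verified against a published key.
  kid = JWT.decode(token, nil, false).last['kid']
  jwk = valid_keys.find { |key| key['kid'] == kid }
  unless jwk
    errors << "Unknown signing key #{kid}"
    return false
  end
  # Expiry is checked by valid_token? (with clock skew), so only the signature is
  # verified here; pinning the algorithm also rejects tokens advertising alg=none.
  JWT.decode(token, rsa_public_key(jwk), true, algorithm: 'RS256', verify_expiration: false)
  true
rescue JWT::DecodeError => e
  errors << "Invalid signature: #{e.message}"
  false
end

# Builds an OpenSSL RSA public key from one JWK entry (RFC 7517: base64url 'n' and 'e').
def rsa_public_key(jwk)
  require 'openssl' # stdlib; the jwt gem loads it too
  modulus, exponent = %w[n e].map { |name| OpenSSL::BN.new(base64url_decode(jwk.fetch(name)), 2) }
  # PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
  der = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer(modulus), OpenSSL::ASN1::Integer(exponent)]).to_der
  OpenSSL::PKey::RSA.new(der)
end

# base64url (unpadded) -> binary string, without relying on Base64.urlsafe_decode64
# accepting missing padding (older Rubies require it).
def base64url_decode(str)
  standard = str.tr('-_', '+/')
  standard += '=' * ((4 - standard.size % 4) % 4)
  standard.unpack('m').first
end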
valid_token?()
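def valid_token?
  # The token has not yet expired. Industry-standard clock-skew is 5 minutes.
  # Should not raise JWT::ExpiredSignature
  # This used to return true unconditionally, so expired tokens were accepted.
  clock_skew_seconds = 5 * 60
  # exp is a NumericDate (seconds since the epoch); decoding unverified cannot raise
  # ExpiredSignature, the comparison below is the expiry check.
  exp = JWT.decode(token, nil, false).first['exp']
  # A token without exp is rejected rather than treated as never expiring.
  condition = exp.is_a?(Numeric) && Time.now.to_i <= exp.to_i + clock_skew_seconds
  errors << 'Token expired' unless condition
  condition
end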