Open
Description: I am using CloudAdapter from the botbuilder package and the createBotFrameworkAuthenticationFromConfiguration method for authentication. However, when I send a request with a malfunctioned JWT token, the request is not rejected by the SDK. I need guidance on how to secure the server to reject any requests that do not originate from Azure Bot Service.
Here’s a snippet of the authentication setup:
```typescript
createBotFrameworkAuthenticationFromConfiguration(
  null,
  new ConfigurationServiceClientCredentialFactory({
    MicrosoftAppId: configService.get<string>('MICROSOFT_APP_ID'),
    MicrosoftAppPassword: configService.get<string>('MICROSOFT_APP_PASSWORD'),
    MicrosoftAppTenantId: configService.get<string>('MICROSOFT_APP_TENANT_ID'),
    MicrosoftAppType: configService.get<string>('MICROSOFT_APP_TYPE'),
  }),
),
```
Question: How can I ensure that only valid requests from Azure Bot Service with proper JWT tokens are accepted, and any malformed requests are rejected? Is there additional validation or middleware I should implement?
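An added example, not part of the original issue and not Bot Framework SDK code: a fail-closed startup check on the configuration above plus a structural pre-check of the `Authorization` header that can run before the adapter. The function names are hypothetical, and it assumes (verify against your SDK version) that an empty `MicrosoftAppId` leaves SDK authentication disabled and that Bot Service tokens carry the bot's app ID as `aud`.

```javascript
// Added example; names are hypothetical and this is not Bot Framework SDK code.
// It never verifies signatures: that stays with the SDK's authentication.

// Fail closed at startup. Assumption (see lead-in): with an empty
// MicrosoftAppId the SDK treats authentication as disabled.
function assertBotAuthConfigured(cfg) {
  const appId = cfg && cfg.MicrosoftAppId;
  if (typeof appId !== 'string' || appId.trim() === '') {
    throw new Error('MicrosoftAppId is empty: refusing to start without bot authentication');
  }
  return appId.trim();
}

function decodeSegment(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg)) return null; // base64url alphabet only
  try {
    const obj = JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
    return obj !== null && typeof obj === 'object' && !Array.isArray(obj) ? obj : null;
  } catch {
    return null;
  }
}

// Cheap structural gate to run before the adapter sees the request.
// Returns { ok, reason }; respond 401 when ok is false.
function precheckAuthHeader(authHeader, appId, nowSec = Math.floor(Date.now() / 1000)) {
  if (typeof authHeader !== 'string') return { ok: false, reason: 'missing header' };
  const m = /^Bearer ([^\s]+)$/.exec(authHeader.trim());
  if (!m) return { ok: false, reason: 'not a bearer token' };
  const parts = m[1].split('.');
  if (parts.length !== 3 || parts.some((p) => p === '')) return { ok: false, reason: 'not a three-part JWT' };
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  if (!header || !claims) return { ok: false, reason: 'undecodable segment' };
  if (typeof header.alg !== 'string' || header.alg.toLowerCase() === 'none') return { ok: false, reason: 'unsigned token' };
  if (claims.aud !== appId) return { ok: false, reason: 'wrong audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, reason: 'structure ok, signature still unverified' };
}

// Constructed sample token with a dummy signature, for tests and demos only.
function sampleToken(header, claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc(header)}.${enc(claims)}.c2ln`;
}
```

A passing pre-check only means the header is worth handing to the adapter; issuer and signature validation must still happen in the SDK.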