botframework-ruby icon indicating copy to clipboard operation
botframework-ruby copied to clipboard
verified publisher icon tachyons

Validate token in the webhook

Open tachyons opened this issue 9 years ago • 4 comments

  • [x] The token was sent in the HTTP Authorization header with “Bearer” scheme
  • [x] The token is valid JSON that conforms to the JWT standard (see references)
  • [x] The token contains an issuer claim with value of https://api.botframework.com
  • [x] The token contains an audience claim with a value equivalent to your bot’s Microsoft App ID.
  • [x] The token has not yet expired. Industry-standard clock-skew is 5 minutes.
  • [ ] The token has a valid cryptographic signature with a key listed in the OpenId keys document retrieved in step 1, above.

tachyons avatar Oct 22 '16 13:10 tachyons

I would like to attempt to help out. Is there an IRC channel or Matrix group for this?

FilBot3 avatar Nov 17 '17 16:11 FilBot3

@predatorian3 Thanks for your interest. We don't any such communication channel for now. We can make one if you are interested

tachyons avatar Nov 17 '17 17:11 tachyons

@tachyons I'm also wondering if we could make the connector configuration a little more flexible so you could use a token generated by Microsoft Teams for custom bots, without the need for an app ID and secret? Reference: https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/custom-bot

luispollo avatar Dec 19 '17 22:12 luispollo

Sure, I do not have azure or Microsoft team account at this moment. So it may take some time PRs are welcome

tachyons avatar Dec 20 '17 00:12 tachyons