Skip to content
This repository has been archived by the owner on Feb 12, 2022. It is now read-only.

Validate token in the webhook #1

Open
5 of 6 tasks
tachyons opened this issue Oct 22, 2016 · 4 comments
Open
5 of 6 tasks

Validate token in the webhook #1

tachyons opened this issue Oct 22, 2016 · 4 comments

Comments

@tachyons
Copy link
Owner

  • The token was sent in the HTTP Authorization header with “Bearer” scheme
  • The token is valid JSON that conforms to the JWT standard (see references)
  • The token contains an issuer claim with value of https://api.botframework.com
  • The token contains an audience claim with a value equivalent to your bot’s Microsoft App ID.
  • The token has not yet expired. Industry-standard clock-skew is 5 minutes.
  • The token has a valid cryptographic signature with a key listed in the OpenId keys document retrieved in step 1, above.
@FilBot3
Copy link

FilBot3 commented Nov 17, 2017

I would like to attempt to help out. Is there an IRC channel or Matrix group for this?

@tachyons
Copy link
Owner Author

@predatorian3 Thanks for your interest. We don't any such communication channel for now. We can make one if you are interested

@luispollo
Copy link

luispollo commented Dec 19, 2017

@tachyons I'm also wondering if we could make the connector configuration a little more flexible so you could use a token generated by Microsoft Teams for custom bots, without the need for an app ID and secret?
Reference: https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/custom-bot

@tachyons
Copy link
Owner Author

Sure, I do not have azure or Microsoft team account at this moment. So it may take some time PRs are welcome

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants