Skip to content

Commit

Permalink
Merge pull request #1 from arlandism/amw/enable-configurable-leeway
Browse files Browse the repository at this point in the history
allows config for leeway of 'nbf' and 'exp'
  • Loading branch information
arlandism authored Apr 26, 2022
2 parents a22d75a + ee9a1cf commit ef113ba
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 6 deletions.
18 changes: 16 additions & 2 deletions connector/auth/jwt_token_validation.go
Original file line number Diff line number Diff line change
Expand Up @@ -61,11 +61,25 @@ type TokenValidator interface {
// JwtTokenValidator is the default implementation of TokenValidator.
type JwtTokenValidator struct {
cache.AuthCache
jwtoptions *JWTOptions
}

// NewJwtTokenValidator returns a new TokenValidator value with an empty cache
func NewJwtTokenValidator() TokenValidator {
return &JwtTokenValidator{cache.AuthCache{}}
return &JwtTokenValidator{cache.AuthCache{}, &JWTOptions{}}
}

type JWTOptions struct {
// Leeway is used to extend the allowance window
// for the "nbf" and "exp" claims of the token,
// allowing clients to loosen restrictions on *when* a token becomes valid
// and when it's considered expired
Leeway time.Duration
}

// NewJwtTokenValidatorWithOptions returns a new TokenValidator value with JWT-options configured
func NewJwtTokenValidatorWithOptions(options *JWTOptions) TokenValidator {
return &JwtTokenValidator{cache.AuthCache{}, options}
}

// AuthenticateRequest authenticates the received request from connector service.
Expand Down Expand Up @@ -143,7 +157,7 @@ func (jv *JwtTokenValidator) getIdentity(jwtString string) (ClaimsIdentity, erro
}

// TODO: Add options verify_aud and verify_exp
token, err := jwt.Parse(jwtString, getKey)
token, err := jwt.Parse(jwtString, getKey, jwt.WithLeeway(jv.jwtoptions.Leeway))
if err != nil {
return nil, err
}
Expand Down
9 changes: 8 additions & 1 deletion core/bot_framework_adapter.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ type AdapterSetting struct {
CredentialProvider auth.CredentialProvider
AuthClient *http.Client
ReplyClient *http.Client
JWTConfig *auth.JWTOptions
}

// BotFrameworkAdapter implements Adapter and is currently the only implementation returned to the user program.
Expand Down Expand Up @@ -87,12 +88,18 @@ func NewBotAdapter(settings AdapterSetting) (Adapter, error) {
clientConfig.ReplyClient = settings.ReplyClient
}

var tokenValidator auth.TokenValidator
if settings.JWTConfig != nil {
tokenValidator = auth.NewJwtTokenValidatorWithOptions(settings.JWTConfig)
} else {
tokenValidator = auth.NewJwtTokenValidator()
}
connectorClient, err := client.NewClient(clientConfig)
if err != nil {
return nil, errors.Wrap(err, "Failed to create Connector Client.")
}

return &BotFrameworkAdapter{settings, auth.NewJwtTokenValidator(), connectorClient}, nil
return &BotFrameworkAdapter{settings, tokenValidator, connectorClient}, nil
}

// ProcessActivity receives an activity, processes it as specified in by the 'handler' and
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module github.com/infracloudio/msbotbuilder-go
go 1.16

require (
github.com/golang-jwt/jwt/v4 v4.1.0
github.com/golang-jwt/jwt/v4 v4.4.0
github.com/lestrrat-go/jwx v1.1.7
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.7.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0 h1:sgNeV1VRMDzs6rzyPpxyM0jp317h
github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0/go.mod h1:J70FGZSbzsjecRTiTzER+3f1KZLNaXkuv+yeFTKoxM8=
github.com/goccy/go-json v0.4.8 h1:TfwOxfSp8hXH+ivoOk36RyDNmXATUETRdaNWDaZglf8=
github.com/goccy/go-json v0.4.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang-jwt/jwt/v4 v4.4.0 h1:EmVIxB5jzbllGIjiCV5JG4VylbK3KE400tLGLI1cdfU=
github.com/golang-jwt/jwt/v4 v4.4.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/lestrrat-go/backoff/v2 v2.0.7 h1:i2SeK33aOFJlUNJZzf2IpXRBvqBBnaGXfY5Xaop/GsE=
github.com/lestrrat-go/backoff/v2 v2.0.7/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
github.com/lestrrat-go/blackmagic v1.0.0 h1:XzdxDbuQTz0RZZEmdU7cnQxUtFUzgCSPq8RCz4BxIi4=
Expand Down

0 comments on commit ef113ba

Please sign in to comment.