Following the Azure Bot Service Authentication documentation, I tried to validate the JWT token with the public keys exposed through OpenID:
- https://login.botframework.com/v1/.well-known/openidconfiguration
- https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration
- https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
But the key used by the directline.botframework.com conversation JWT token is not among them; see the following error:
"IDX10501: Signature validation failed. Unable to match key: kid: '...."
```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Threading;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// openIdMetadataAddress: one of the .well-known URLs listed above
// authorizationDomain: the issuer (iss) expected in the token
ConfigurationManager<OpenIdConnectConfiguration> configurationManager =
    new ConfigurationManager<OpenIdConnectConfiguration>(openIdMetadataAddress, new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration openIdConnectConfiguration = await configurationManager.GetConfigurationAsync(CancellationToken.None);

TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
{
    ValidIssuer = authorizationDomain,
    ValidateAudience = false,
    // Keys fetched from the metadata's jwks_uri; the token's kid must match one of them
    IssuerSigningKeys = openIdConnectConfiguration.SigningKeys
};

try
{
    JwtSecurityTokenHandler jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
    jwtSecurityTokenHandler.ValidateToken(jwt, tokenValidationParameters, out _);
    return true;
}
catch (SecurityTokenException)
{
    // IDX10501 (no key with a matching kid) ends up here
    return false;
}
```
Example JWT token (generated when you start a Direct Line conversation in the Bot Framework):

```text
ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImtpZCI6ICJBT08tZXhGd2puR3lDTEJhOTgwVkxOME1tUTgiLA0KICAieDV0IjogIkFPTy1leEZ3am5HeUNMQmE5ODBWTE4wTW1ROCIsDQogICJ0eXAiOiAiSldUIg0KfQ.ew0KICAiYm90IjogImRldi1tYXJpdXNpbXBvLW5lcnRlc3Rib3QwbmVnNC1ib3QiLA0KICAic2l0ZSI6ICJ0RVRMM2ZES3ZGdyIsDQogICJjb252IjogIkZPeXRUdThrTzVRNFVOZmxpS3pSMlgtaCIsDQogICJuYmYiOiAxNTc1MzcxNDYzLA0KICAiZXhwIjogMTU3NTM3NTA2MywNCiAgImlzcyI6ICJodHRwczovL2RpcmVjdGxpbmUuYm90ZnJhbWV3b3JrLmNvbS8iLA0KICAiYXVkIjogImh0dHBzOi8vZGlyZWN0bGluZS5ib3RmcmFtZXdvcmsuY29tLyINCn0.IMKMdlart3nEg6iegVvz5MQ86cp36nLXK1mIT0a7xiOmRLMMlvUjqHA9d2EJUovYAML4RGAapP7BWYgU9CnYtL9dXrJwj_JNacJDov18zUTzbyfzcL8goFJG_PJRjJZbN7ZZZdp1lIis9DbrL56HQBgiBuW4BGhNhgmBauh8SFOIvWfhOYmWoxyfI7Uzkd_5LTVdeL7Lyqi5Ulxzf8UsuDI372US6dA0LZ0BZMCU-M6S9bYFCSBwrvjD5uZOYJ8drCuXnuOl1rxRP_kfMVi-kodWZ84-puo5JYt5QhpptP6vuBYO5-6fW359zJ1csUk-xWFlOH88dh09lpJDbcXgXg
```
```csharp
using Microsoft.Bot.Connector.DirectLine;

// secretKey: the Direct Line channel secret from the Azure portal
using (var client = new DirectLineClient(secretKey))
{
    var conversation = await client.Conversations.StartConversationAsync();
    var token = conversation.Token;   // the conversation token shown above
}
```
Best answer
UPD: I don't know what exactly the key from the directline.botframework.com conversation JWT token is. If you can provide me with an expired token, it should be possible to find out how to validate it.
Metadata endpoint:
https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration
Your code works fine.
Please see the test steps I went through below:
1. Create a Web App Bot through the Azure portal. The full description is here: https://learn.microsoft.com/en-us/azure/bot-service/abs-quickstart?view=azure-bot-service-4.0

2. Get a token. Take MICROSOFT-APP-ID and MICROSOFT-APP-PASSWORD from the Configuration of your Web App Bot.

```http
POST https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=MICROSOFT-APP-ID&client_secret=MICROSOFT-APP-PASSWORD&scope=https%3A%2F%2Fapi.botframework.com%2F.default
```
3. Work out the values for validating the token.

   3.1. Metadata endpoint. Constructed from the token endpoint:
   https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration

   3.2. Issuer. Decoded the token at jwt.io and took the actual issuer from there:
   https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/

   3.3. Audience. Same way as the issuer:
   https://api.botframework.com
4. Validate the token and get the ClaimsPrincipal object decoded from the token.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

class Program
{
    static async Task Main(string[] args)
    {
        // Token obtained in step 2 (payload segment elided in the original post)
        var jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkJCOENlRlZxeWFHckdOdWVoSklpTDRkZmp6dyIsImtpZCI6IkJCOENlRlZxeWFHckdOdWVoSklpTDRkZmp6dyJ9.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.WWxIinArkAJgVyAUMu6UJvCy9OJ-B2KGxpT-t9wdRF9qlpw00GvXXuL0HCpUEIWC0efA3ETF3bBBJVYjcXoKsC6Up2UWzkAgA2O_TZhPkG5Tkm5MT7f_mIdoEVWoddawjv3ec_EUfSq1B_UrQu-05AHMe0n46kN94yUWbsIAv9z6Q_HSuKO6_kSSyGwbnsAbsT2nWqYyE05BstvZUccQrSvR4UdbugKDEDxAixhVvOrFJiLng3pKeSljXUxWte7ETw59X9EuA4WJPURzW-kWPJ8tGIP2Wz6RVDU-D1eCp-DB3o4PxT-t8UTBMjwUJBFqQo-w1GtQasJwcnUKKkBhgA";
        var claimsPrincipal = await Authenticate(jwt);
    }

    public static async Task<ClaimsPrincipal> Authenticate(string jwt)
    {
        // Values from step 3
        var openIdMetadataAddress = "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration";
        var issuer = "https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/";
        var audience = "https://api.botframework.com";

        var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            openIdMetadataAddress, new OpenIdConnectConfigurationRetriever());
        var openIdConnectConfiguration = await configurationManager.GetConfigurationAsync();

        var tokenValidationParameters = new TokenValidationParameters
        {
            // Updated validation parameters
            ValidIssuer = issuer,
            ValidAudience = audience,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = openIdConnectConfiguration.SigningKeys
        };

        try
        {
            var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
            var claimsPrincipal = jwtSecurityTokenHandler.ValidateToken(jwt, tokenValidationParameters, out _);
            return claimsPrincipal;
        }
        catch (SecurityTokenException)
        {
            return null;
        }
    }
}
```
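The failure in the question and the parameters in the answer both come down to one pipeline: fetch the metadata document, take the signing keys at its jwks_uri, pick the key whose kid matches the token header, verify the RS256 signature, then check iss, aud and the nbf/exp window. The script below is an added example, not code from the question, the answer or Microsoft. It implements that pipeline offline with a constructed JWKS and constructed tokens: its own small RSA keys, the kids abs-key-1 and dl-key-1, and a `<tenant-id>` issuer placeholder are all assumptions, not real Bot Framework values. It reproduces the IDX10501 case from the question: a token whose kid is not in the JWKS fails at the key lookup before the issuer is ever compared, which is exactly what happens when a Direct Line token is checked against the botframework.com metadata.

```python
import base64, hashlib, json, random, time
from math import gcd

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# --- textbook RSASSA-PKCS1-v1_5 / SHA-256 in pure stdlib, so the example runs offline (demo only) ---
def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random bases
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else:
            return False
    return True
def _random_prime(bits: int) -> int:
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(c):
            return c
def generate_rsa_key(bits: int = 512):
    """Returns (n, e, d). 512 bits keeps the demo fast; real signing keys are 2048+."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DER prefix for a SHA-256 DigestInfo
def _emsa_pkcs1_v15(msg: bytes, k: int) -> bytes:
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
def rs256_sign(msg: bytes, n: int, d: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), d, n).to_bytes(k, "big")
def rs256_verify(msg: bytes, sig: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    return len(sig) == k and pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == _emsa_pkcs1_v15(msg, k)

# --- JWKS / JWT side, mirroring what ConfigurationManager + ValidateToken do in the C# above ---
def make_jwk(kid: str, n: int, e: int) -> dict:
    """One entry of the document a metadata endpoint's jwks_uri would serve."""
    return {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
            "n": b64url(n.to_bytes((n.bit_length() + 7) // 8, "big")), "e": b64url(e.to_bytes(3, "big"))}
def issue_jwt(claims: dict, kid: str, n: int, d: int) -> str:
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}." + b64url(rs256_sign(f"{header}.{payload}".encode(), n, d))
def validate_jwt(token: str, jwks: dict, issuer: str, audience: str, now=None) -> dict:
    """Key lookup by kid, then signature, then iss/aud/nbf/exp (ValidateLifetime).
    An unknown kid is reported the way Microsoft.IdentityModel reports IDX10501."""
    now = int(time.time()) if now is None else now
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "RS256":  # refuse 'none' / HMAC tokens presented against an RSA public key
        raise ValueError(f"alg not allowed: {header.get('alg')!r}")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("IDX10501: Signature validation failed. Unable to match key: "
                         f"kid: {header.get('kid')!r} is not at this metadata endpoint's jwks_uri; check the token's iss")
    n, e = (int.from_bytes(b64url_decode(key[f]), "big") for f in ("n", "e"))
    if not rs256_verify(f"{h_b64}.{p_b64}".encode(), b64url_decode(s_b64), n, e):
        raise ValueError("signature does not verify")
    claims = json.loads(b64url_decode(p_b64))
    if claims.get("iss") != issuer:
        raise ValueError(f"invalid issuer {claims.get('iss')!r}")
    if claims.get("aud") != audience:
        raise ValueError(f"invalid audience {claims.get('aud')!r}")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("token outside its nbf/exp window")
    return claims

def run_scenario() -> dict:
    """Constructed scenario (no real Microsoft keys): one JWKS, a token signed by a key in it,
    a Direct Line style token signed by another issuer's key, a tampered payload, and an expired check."""
    n1, e1, d1 = generate_rsa_key()
    n2, _, d2 = generate_rsa_key()
    jwks = {"keys": [make_jwk("abs-key-1", n1, e1)]}
    now = 1575371463  # the nbf of the token in the question
    iss, aud = "https://sts.windows.net/<tenant-id>/", "https://api.botframework.com"
    claims = {"iss": iss, "aud": aud, "nbf": now, "exp": now + 3600}
    good = issue_jwt(claims, "abs-key-1", n1, d1)
    dl = issue_jwt({"iss": "https://directline.botframework.com/", "aud": "https://directline.botframework.com/",
                    "nbf": now, "exp": now + 3600}, "dl-key-1", n2, d2)
    h, _, s = good.split(".")
    tampered = ".".join([h, b64url(json.dumps({**claims, "exp": now + 99999}).encode()), s])
    out = {"good": validate_jwt(good, jwks, iss, aud, now)["aud"]}
    for name, tok, at in (("unknown_kid", dl, now), ("tampered", tampered, now), ("expired", good, now + 7200)):
        try:
            validate_jwt(tok, jwks, iss, aud, at)
        except ValueError as exc:
            out[name] = str(exc).split(".")[0]
    return out
```

Two points carry over to the C# code on this page. First, the kid lookup runs before any claim is compared, so a wrong metadata endpoint always surfaces as IDX10501 rather than as an issuer mismatch; decoding the token's iss first (as the answer does at jwt.io) tells you which metadata document to load. Second, the explicit alg check is something JwtSecurityTokenHandler does for you (it rejects unsigned tokens by default); a hand-rolled validator that skips it accepts alg=none or an HMAC token keyed with the public key. The 512-bit textbook RSA is there only to keep the example self-contained; use a vetted library and the provider's published key sizes in production.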
On "azure - Where can I find the public key to validate the directline.botframework.com conversation JWT token?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/59158389/