Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: [#4544] JwtTokenExtractor.getIdentity:err! FetchError: request to https://login.botframework.com/v1/.well-known/openidconfiguration #4583

Merged
merged 4 commits into from
Jan 18, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions libraries/botframework-connector/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,9 @@
"botbuilder-stdlib": "4.1.6",
"botframework-schema": "4.1.6",
"cross-fetch": "^3.0.5",
"https-proxy-agent": "^7.0.2",
"jsonwebtoken": "^9.0.0",
"node-fetch": "^2.6.7",
"rsa-pem-from-mod-exp": "^0.8.4",
"zod": "^3.22.4",
"openssl-wrapper": "^0.3.4"
Expand Down
15 changes: 11 additions & 4 deletions libraries/botframework-connector/src/auth/jwtTokenExtractor.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import { EndorsementsValidator } from './endorsementsValidator';
import { OpenIdMetadata } from './openIdMetadata';
import { AuthenticationError } from './authenticationError';
import { StatusCodes } from 'botframework-schema';
import { ProxySettings } from '@azure/core-http';

/**
* A JWT token processing class that gets identity information and performs security token validation.
Expand All @@ -32,17 +33,23 @@ export class JwtTokenExtractor {
* @param tokenValidationParameters Token validation parameters.
* @param metadataUrl Metadata Url.
* @param allowedSigningAlgorithms Allowed signing algorithms.
* @param proxySettings The proxy settings for the request.
*/
constructor(tokenValidationParameters: VerifyOptions, metadataUrl: string, allowedSigningAlgorithms: string[]) {
constructor(
tokenValidationParameters: VerifyOptions,
metadataUrl: string,
allowedSigningAlgorithms: string[],
proxySettings?: ProxySettings
) {
this.tokenValidationParameters = { ...tokenValidationParameters };
this.tokenValidationParameters.algorithms = allowedSigningAlgorithms;
this.openIdMetadata = JwtTokenExtractor.getOrAddOpenIdMetadata(metadataUrl);
this.openIdMetadata = JwtTokenExtractor.getOrAddOpenIdMetadata(metadataUrl, proxySettings);
}

private static getOrAddOpenIdMetadata(metadataUrl: string): OpenIdMetadata {
private static getOrAddOpenIdMetadata(metadataUrl: string, proxySettings?: ProxySettings): OpenIdMetadata {
let metadata = this.openIdMetadataCache.get(metadataUrl);
if (!metadata) {
metadata = new OpenIdMetadata(metadataUrl);
metadata = new OpenIdMetadata(metadataUrl, proxySettings);
this.openIdMetadataCache.set(metadataUrl, metadata);
}

Expand Down
16 changes: 12 additions & 4 deletions libraries/botframework-connector/src/auth/openIdMetadata.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,11 @@

import * as getPem from 'rsa-pem-from-mod-exp';
import base64url from 'base64url';
import fetch from 'cross-fetch';
import fetch from 'node-fetch';
import { HttpsProxyAgent } from 'https-proxy-agent';
import { AuthenticationError } from './authenticationError';
import { StatusCodes } from 'botframework-schema';
import { ProxySettings } from '@azure/core-http';

/**
* Class in charge of manage OpenId metadata.
Expand All @@ -23,8 +25,9 @@ export class OpenIdMetadata {
* Initializes a new instance of the [OpenIdMetadata](xref:botframework-connector.OpenIdMetadata) class.
*
* @param url Metadata Url.
* @param proxySettings The proxy settings for the request.
*/
constructor(private url: string) {}
constructor(private url: string, private proxySettings?: ProxySettings) {}

/**
* Gets the Signing key.
Expand Down Expand Up @@ -56,12 +59,17 @@ export class OpenIdMetadata {
* @private
*/
private async refreshCache(): Promise<void> {
const res = await fetch(this.url);
let agent = null;
if (this.proxySettings) {
const proxyUrl = `http://${this.proxySettings.host}:${this.proxySettings.port}`;
agent = new HttpsProxyAgent(proxyUrl);
}
const res = await fetch(this.url, { agent: agent });

if (res.ok) {
const openIdConfig = (await res.json()) as IOpenIdConfig;

const getKeyResponse = await fetch(openIdConfig.jwks_uri);
const getKeyResponse = await fetch(openIdConfig.jwks_uri, { agent: agent });
if (getKeyResponse.ok) {
this.lastUpdated = new Date().getTime();
this.keys = (await getKeyResponse.json()).keys as IKey[];
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -298,7 +298,8 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
const tokenExtractor = new JwtTokenExtractor(
verifyOptions,
this.toBotFromEmulatorOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings
);

const parts: string[] = authHeader.split(' ');
Expand Down Expand Up @@ -384,7 +385,8 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
const tokenExtractor: JwtTokenExtractor = new JwtTokenExtractor(
verifyOptions,
this.toBotFromEmulatorOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings
);

const identity: ClaimsIdentity = await tokenExtractor.getIdentityFromAuthHeader(
Expand Down Expand Up @@ -470,7 +472,8 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
const tokenExtractor: JwtTokenExtractor = new JwtTokenExtractor(
tokenValidationParameters,
this.toBotFromChannelOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings
);

const identity: ClaimsIdentity = await tokenExtractor.getIdentityFromAuthHeader(
Expand Down
15 changes: 15 additions & 0 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2794,6 +2794,13 @@ agent-base@6:
dependencies:
debug "4"

agent-base@^7.0.2:
version "7.1.0"
resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-7.1.0.tgz#536802b76bc0b34aa50195eb2442276d613e3434"
integrity sha512-o/zjMZRhJxny7OyEF+Op8X+efiELC7k7yOjMzgfzVqOzXqkBkWI79YoTdOtsuWd5BWhAGAuOY/Xa6xpiaWXiNg==
dependencies:
debug "^4.3.4"

agentkeepalive@^4.1.3:
version "4.1.4"
resolved "https://registry.yarnpkg.com/agentkeepalive/-/agentkeepalive-4.1.4.tgz#d928028a4862cb11718e55227872e842a44c945b"
Expand Down Expand Up @@ -7479,6 +7486,14 @@ [email protected], https-proxy-agent@^5.0.0:
agent-base "6"
debug "4"

https-proxy-agent@^7.0.2:
version "7.0.2"
resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-7.0.2.tgz#e2645b846b90e96c6e6f347fb5b2e41f1590b09b"
integrity sha512-NmLNjm6ucYwtcUmL7JQC1ZQ57LmHP4lT15FQ8D61nak1rO6DH+fz5qNK2Ap5UN4ZapYICE3/0KodcLYSPsPbaA==
dependencies:
agent-base "^7.0.2"
debug "4"

humanize-ms@^1.2.1:
version "1.2.1"
resolved "https://registry.yarnpkg.com/humanize-ms/-/humanize-ms-1.2.1.tgz#c46e3159a293f6b896da29316d8b6fe8bb79bbed"
Expand Down
Loading