Skip to content

Commit

Permalink
fix: [microsoft#4544] JwtTokenExtractor.getIdentity:err! FetchError: …
Browse files Browse the repository at this point in the history
…request to https://login.botframework.com/v1/.well-known/openidconfiguration (microsoft#4583)

* Provide proxy setting to openIdMetadata

* Replace @azure/ms-rest-js with @azure/core-http

* Add missing agent settings in getKeys call
  • Loading branch information
ceciliaavila authored Jan 18, 2024
1 parent 95f6f80 commit 7675c41
Show file tree
Hide file tree
Showing 5 changed files with 46 additions and 11 deletions.
2 changes: 2 additions & 0 deletions libraries/botframework-connector/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,9 @@
"botbuilder-stdlib": "4.1.6",
"botframework-schema": "4.1.6",
"cross-fetch": "^3.0.5",
"https-proxy-agent": "^7.0.2",
"jsonwebtoken": "^9.0.0",
"node-fetch": "^2.6.7",
"rsa-pem-from-mod-exp": "^0.8.4",
"zod": "^3.22.4",
"openssl-wrapper": "^0.3.4"
Expand Down
15 changes: 11 additions & 4 deletions libraries/botframework-connector/src/auth/jwtTokenExtractor.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import { EndorsementsValidator } from './endorsementsValidator';
import { OpenIdMetadata } from './openIdMetadata';
import { AuthenticationError } from './authenticationError';
import { StatusCodes } from 'botframework-schema';
import { ProxySettings } from '@azure/core-http';

/**
* A JWT token processing class that gets identity information and performs security token validation.
Expand All @@ -32,17 +33,23 @@ export class JwtTokenExtractor {
* @param tokenValidationParameters Token validation parameters.
* @param metadataUrl Metadata Url.
* @param allowedSigningAlgorithms Allowed signing algorithms.
* @param proxySettings The proxy settings for the request.
*/
constructor(tokenValidationParameters: VerifyOptions, metadataUrl: string, allowedSigningAlgorithms: string[]) {
constructor(
tokenValidationParameters: VerifyOptions,
metadataUrl: string,
allowedSigningAlgorithms: string[],
proxySettings?: ProxySettings
) {
this.tokenValidationParameters = { ...tokenValidationParameters };
this.tokenValidationParameters.algorithms = allowedSigningAlgorithms;
this.openIdMetadata = JwtTokenExtractor.getOrAddOpenIdMetadata(metadataUrl);
this.openIdMetadata = JwtTokenExtractor.getOrAddOpenIdMetadata(metadataUrl, proxySettings);
}

private static getOrAddOpenIdMetadata(metadataUrl: string): OpenIdMetadata {
private static getOrAddOpenIdMetadata(metadataUrl: string, proxySettings?: ProxySettings): OpenIdMetadata {
let metadata = this.openIdMetadataCache.get(metadataUrl);
if (!metadata) {
metadata = new OpenIdMetadata(metadataUrl);
metadata = new OpenIdMetadata(metadataUrl, proxySettings);
this.openIdMetadataCache.set(metadataUrl, metadata);
}

Expand Down
16 changes: 12 additions & 4 deletions libraries/botframework-connector/src/auth/openIdMetadata.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,11 @@

import * as getPem from 'rsa-pem-from-mod-exp';
import base64url from 'base64url';
import fetch from 'cross-fetch';
import fetch from 'node-fetch';
import { HttpsProxyAgent } from 'https-proxy-agent';
import { AuthenticationError } from './authenticationError';
import { StatusCodes } from 'botframework-schema';
import { ProxySettings } from '@azure/core-http';

/**
* Class in charge of manage OpenId metadata.
Expand All @@ -23,8 +25,9 @@ export class OpenIdMetadata {
* Initializes a new instance of the [OpenIdMetadata](xref:botframework-connector.OpenIdMetadata) class.
*
* @param url Metadata Url.
* @param proxySettings The proxy settings for the request.
*/
constructor(private url: string) {}
constructor(private url: string, private proxySettings?: ProxySettings) {}

/**
* Gets the Signing key.
Expand Down Expand Up @@ -56,12 +59,17 @@ export class OpenIdMetadata {
* @private
*/
private async refreshCache(): Promise<void> {
const res = await fetch(this.url);
let agent = null;
if (this.proxySettings) {
const proxyUrl = `http://${this.proxySettings.host}:${this.proxySettings.port}`;
agent = new HttpsProxyAgent(proxyUrl);
}
const res = await fetch(this.url, { agent: agent });

if (res.ok) {
const openIdConfig = (await res.json()) as IOpenIdConfig;

const getKeyResponse = await fetch(openIdConfig.jwks_uri);
const getKeyResponse = await fetch(openIdConfig.jwks_uri, { agent: agent });
if (getKeyResponse.ok) {
this.lastUpdated = new Date().getTime();
this.keys = (await getKeyResponse.json()).keys as IKey[];
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,8 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
const tokenExtractor = new JwtTokenExtractor(
verifyOptions,
this.toBotFromEmulatorOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings
);

const parts: string[] = authHeader.split(' ');
Expand Down Expand Up @@ -389,7 +390,8 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
const tokenExtractor: JwtTokenExtractor = new JwtTokenExtractor(
verifyOptions,
this.toBotFromEmulatorOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings
);

const identity: ClaimsIdentity = await tokenExtractor.getIdentityFromAuthHeader(
Expand Down Expand Up @@ -475,7 +477,8 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
const tokenExtractor: JwtTokenExtractor = new JwtTokenExtractor(
tokenValidationParameters,
this.toBotFromChannelOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings
);

const identity: ClaimsIdentity = await tokenExtractor.getIdentityFromAuthHeader(
Expand Down
15 changes: 15 additions & 0 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2782,6 +2782,13 @@ agent-base@6:
dependencies:
debug "4"

agent-base@^7.0.2:
version "7.1.0"
resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-7.1.0.tgz#536802b76bc0b34aa50195eb2442276d613e3434"
integrity sha512-o/zjMZRhJxny7OyEF+Op8X+efiELC7k7yOjMzgfzVqOzXqkBkWI79YoTdOtsuWd5BWhAGAuOY/Xa6xpiaWXiNg==
dependencies:
debug "^4.3.4"

agentkeepalive@^4.1.3:
version "4.1.4"
resolved "https://registry.yarnpkg.com/agentkeepalive/-/agentkeepalive-4.1.4.tgz#d928028a4862cb11718e55227872e842a44c945b"
Expand Down Expand Up @@ -7398,6 +7405,14 @@ [email protected], https-proxy-agent@^5.0.0:
agent-base "6"
debug "4"

https-proxy-agent@^7.0.2:
version "7.0.2"
resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-7.0.2.tgz#e2645b846b90e96c6e6f347fb5b2e41f1590b09b"
integrity sha512-NmLNjm6ucYwtcUmL7JQC1ZQ57LmHP4lT15FQ8D61nak1rO6DH+fz5qNK2Ap5UN4ZapYICE3/0KodcLYSPsPbaA==
dependencies:
agent-base "^7.0.2"
debug "4"

humanize-ms@^1.2.1:
version "1.2.1"
resolved "https://registry.yarnpkg.com/humanize-ms/-/humanize-ms-1.2.1.tgz#c46e3159a293f6b896da29316d8b6fe8bb79bbed"
Expand Down

0 comments on commit 7675c41

Please sign in to comment.