Where can I find the public key to verify the directline.botframework.com conversation JWT token?
Problem description
Following the information in Azure Bot Service Authentication, I tried to verify the JWT token using the public keys exposed via OpenID:
- https://login.botframework.com/v1/.well-known/openidconfiguration
- https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration
- https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
But the key for the directline.botframework.com conversation JWT token is in none of them; see the error below:
"IDX10501: Signature validation failed. Unable to match key: kid: '."
    // Download the OpenID Connect metadata and the signing keys it references.
    ConfigurationManager<OpenIdConnectConfiguration> configurationManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(openIdMetadataAddress, new OpenIdConnectConfigurationRetriever());
    OpenIdConnectConfiguration openIdConnectConfiguration = await configurationManager.GetConfigurationAsync(CancellationToken.None);

    // The issuer and signature are checked; the audience is not (ValidateAudience = false).
    TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = authorizationDomain,
        ValidateAudience = false,
        IssuerSigningKeys = openIdConnectConfiguration.SigningKeys
    };

    try
    {
        JwtSecurityTokenHandler jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
        jwtSecurityTokenHandler.ValidateToken(jwt, tokenValidationParameters, out _);
        return true;
    }
    catch (SecurityTokenException)
    {
        return false;
    }
Example JWT token (generated when starting a Direct Line conversation in Bot Framework):
ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImtpZCI6ICJBT08tZXhGd2puR3lDTEJhOTgwVkxOME1tUTgiLA0KICAieDV0IjogIkFPTy1leEZ3am5HeUNMQmE5ODBWTE4wTW1ROCIsDQogICJ0eXAiOiAiSldUIg0KfQ.ew0KICAiYm90IjogImRldi1tYXJpdXNpbXBvLW5lcnRlc3Rib3QwbmVnNC1ib3QiLA0KICAic2l0ZSI6ICJ0RVRMM2ZES3ZGdyIsDQogICJjb252IjogIkZPeXRUdThrTzVRNFVOZmxpS3pSMlgtaCIsDQogICJuYmYiOiAxNTc1MzcxNDYzLA0KICAiZXhwIjogMTU3NTM3NTA2MywNCiAgImlzcyI6ICJodHRwczovL2RpcmVjdGxpbmUuYm90ZnJhbWV3b3JrLmNvbS8iLA0KICAiYXVkIjogImh0dHBzOi8vZGlyZWN0bGluZS5ib3RmcmFtZXdvcmsuY29tLyINCn0.IMKMdlart3nEg6iegVvz5MQ86cp36nLXK1mIT0a7xiOmRLMMlvUjqHA9d2EJUovYAML4RGAapP7BWYgU9CnYtL9dXrJwj_JNacJDov18zUTzbyfzcL8goFJG_PJRjJZbN7ZZZdp1lIis9DbrL56HQBgiBuW4BGhNhgmBauh8SFOIvWfhOYmWoxyfI7Uzkd_5LTVdeL7Lyqi5Ulxzf8UsuDI372US6dA0LZ0BZMCU-M6S9bYFCSBwrvjD5uZOYJ8drCuXnuOl1rxRP_kfMVi-kodWZ84-puo5JYt5QhpptP6vuBYO5-6fW359zJ1csUk-xWFlOH88dh09lpJDbcXgXg
    using (var client = new DirectLineClient(secretKey))
    {
        var conversation = await client.Conversations.StartConversationAsync();
        var token = conversation.Token;
    }
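Recommended answer
Update: I'm not sure what "the key from the directline.botframework.com conversation JWT token" actually is. If you can provide me with an expired token, it should be possible to find out how to verify it.
Metadata endpoint:
https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration
Your code works fine.
Please check the test steps I followed below: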
1. Create a Web App Bot via the Azure portal. Detailed instructions are here: https://docs.microsoft.com/en-us/azure/bot-service/abs-quickstart?view=azure-bot-service-4.0
2. Get a token. Take MICROSOFT-APP-ID and MICROSOFT-APP-PASSWORD from the Configuration of the Web App Bot.

    POST https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
    Host: login.microsoftonline.com
    Content-Type: application/x-www-form-urlencoded

    grant_type=client_credentials&client_id=MICROSOFT-APP-ID&client_secret=MICROSOFT-APP-PASSWORD&scope=https%3A%2F%2Fapi.botframework.com%2F.default

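3. Provide the values to validate the token.
3.1. Metadata endpoint
Constructed from the token endpoint.
https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration
3.2. Issuer
Decoded the token at jwt.io and took the actual issuer from there.
https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/
3.3. Audience
Same as for the issuer.
https://api.botframework.com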
4. Validate the token and get the ClaimsPrincipal object decoded from the token.

    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;

    public static class Program
    {
        static async Task Main(string[] args)
        {
            var jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkJCOENlRlZxeWFHckdOdWVoSklpTDRkZmp6dyIsImtpZCI6IkJCOENlRlZxeWFHckdOdWVoSklpTDRkZmp6dyJ9.<payload-segment-missing>.WWxIinArkAJgVyAUMu6UJvCy9OJ-B2KGxpT-t9wdRF9qlpw00GvXXuL0HCpUEIWC0efA3ETF3bBBJVYjcXoKsC6Up2UWzkAgA2O_TZhPkG5Tkm5MT7f_mIdoEVWoddawjv3ec_EUfSq1B_UrQu-05AHMe0n46kN94yUWbsIAv9z6Q_HSuKO6_kSSyGwbnsAbsT2nWqYyE05BstvZUccQrSvR4UdbugKDEDxAixhVvOrFJiLng3pKeSljXUxWte7ETw59X9EuA4WJPURzW-kWPJ8tGIP2Wz6RVDU-D1eCp-DB3o4PxT-t8UTBMjwUJBFqQo-w1GtQasJwcnUKKkBhgA";
            var claimsPrincipal = await Authenticate(jwt);
        }

        public static async Task<ClaimsPrincipal> Authenticate(string jwt)
        {
            var openIdMetadataAddress = "https://login.microsoftonline.com/botframework.com/v2.0/.well-known/openid-configuration";
            var issuer = "https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/";
            var audience = "https://api.botframework.com";

            // Download the metadata document and the signing keys it points to.
            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
                openIdMetadataAddress,
                new OpenIdConnectConfigurationRetriever());
            var openIdConnectConfiguration = await configurationManager.GetConfigurationAsync();

            var tokenValidationParameters = new TokenValidationParameters
            {
                // Updated validation parameters
                ValidIssuer = issuer,
                ValidAudience = audience,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                IssuerSigningKeys = openIdConnectConfiguration.SigningKeys
            };

            try
            {
                var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
                var claimsPrincipal = jwtSecurityTokenHandler.ValidateToken(jwt, tokenValidationParameters, out _);
                return claimsPrincipal;
            }
            catch (SecurityTokenException)
            {
                // Signature, issuer, audience or lifetime check failed.
                return null;
            }
        }
    }
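
To see which issuer's key set a token needs, read its kid, iss and aud without validating it (the same information the answer takes from jwt.io) and compare the kid with a JWKS document; that comparison is the one that fails with IDX10501 in the question. This is an added example, not code from the original post: the KidCheck class and its method names are hypothetical, and the sample token and JWKS are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.IdentityModel.Tokens;

public static class KidCheck  // hypothetical helper, not part of any SDK
{
    // Reads kid/iss/aud WITHOUT validating the token. Diagnostics only:
    // nothing returned here may be used for an authorization decision.
    public static (string Kid, string Issuer, string[] Audiences) ReadUnvalidated(string jwt)
    {
        JwtSecurityToken token = new JwtSecurityTokenHandler().ReadJwtToken(jwt);
        return (token.Header.Kid, token.Issuer, token.Audiences.ToArray());
    }

    // True when the JWKS JSON (the document served at a metadata
    // document's jwks_uri) contains a key with exactly this kid.
    public static bool JwksPublishesKid(string jwksJson, string kid)
    {
        var keySet = new JsonWebKeySet(jwksJson);
        return keySet.Keys.Any(k => string.Equals(k.Kid, kid, StringComparison.Ordinal));
    }

    public static void Main()
    {
        // Constructed sample token: the issuer and audience match the Direct Line
        // token in the question, the kid and signature are placeholders.
        string header = Base64UrlEncoder.Encode(
            "{\"alg\":\"RS256\",\"kid\":\"sample-directline-kid\",\"typ\":\"JWT\"}");
        string payload = Base64UrlEncoder.Encode(
            "{\"iss\":\"https://directline.botframework.com/\",\"aud\":\"https://directline.botframework.com/\"}");
        string jwt = header + "." + payload + "." + Base64UrlEncoder.Encode("not-a-real-signature");

        // Constructed JWKS standing in for the key set of a different issuer.
        string jwks = "{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"kid\":\"sample-aad-kid\",\"n\":\"AQAB\",\"e\":\"AQAB\"}]}";

        var (kid, issuer, audiences) = ReadUnvalidated(jwt);
        Console.WriteLine($"kid={kid} iss={issuer} aud={string.Join(",", audiences)}");
        Console.WriteLine(JwksPublishesKid(jwks, kid)
            ? "kid is published in this key set"
            : "kid is not in this key set: validation against it fails with IDX10501");
    }
}
```

The unvalidated issuer only tells you whose metadata to look for; the token is trusted only after ValidateToken succeeds against that issuer's keys with issuer, audience and lifetime checks enabled.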