
@microsoft/teams.apps


import { type JwtPayload } from 'jsonwebtoken';
import { ILogger } from '@microsoft/teams.common';

/**
 * Options accepted by {@link JwtValidator}.
 *
 * Only `clientId` and `jwksUriOptions` are required by the type; every other
 * check (`validateScope`, `validateServiceUrl`, `validateIssuer`) is optional,
 * so the compiler will not flag a configuration that leaves them out.
 */
export interface IJwtValidationOptions {
    /** Required: Application/Client ID for audience validation */
    clientId: string;
    /**
     * This may be 'common', 'organizations', 'consumers' for multi-tenant apps,
     * or a specific tenant ID for single-tenant apps.
     *
     * NOTE(review): a multi-tenant value does not name one tenant, so it cannot
     * by itself pin the token issuer; consider pairing it with
     * `validateIssuer.allowedTenantIds`. Confirm how the implementation treats
     * the issuer in that case.
     */
    tenantId?: string;
    /**
     * JWKS URI options for fetching public keys
     *
     * - `type: 'tenantId'` carries no URI; presumably the JWKS location is
     *   derived from `tenantId` (confirm against the implementation).
     * - `type: 'uri'` supplies the JWKS location explicitly. The keys served
     *   there decide which signatures are trusted, so this should be a fixed,
     *   trusted HTTPS endpoint taken from configuration, never from the token
     *   or the incoming request.
     */
    jwksUriOptions: {
        type: 'tenantId';
    } | {
        type: 'uri';
        uri: string;
    };
    /** Optional: Validate required scope in token */
    validateScope?: {
        requiredScope: string;
    };
    /** Optional: Validate service URL (Bot Framework specific) */
    validateServiceUrl?: {
        expectedServiceUrl: string;
    };
    /**
     * Optional: Custom issuer validation
     *
     * NOTE(review): `allowedTenantIds` is optional in the second variant, so an
     * empty object `{}` type-checks here. What the validator does with it is not
     * visible in this declaration; confirm it does not end up accepting any
     * issuer.
     */
    validateIssuer?: {
        /** Allowed issuer value (presumably compared with the token's `iss` claim) */
        allowedIssuer: string;
    } | {
        /** For multi-tenant apps, restrict to specific tenant IDs */
        allowedTenantIds?: string[];
    };
    /**
     * Optional: Clock tolerance in seconds (default: 300)
     *
     * NOTE(review): presumably applied to the token's time-based claims; if so,
     * a larger value lengthens the period in which an expired token is still
     * accepted. Keep it as small as clock skew in the deployment allows.
     */
    clockTolerance?: number;
}

/**
 * Validates JWT access tokens against an {@link IJwtValidationOptions}
 * configuration.
 *
 * This is a declaration only: the private members below are listed by name
 * with their types erased, and their behaviour cannot be read from this file.
 */
export declare class JwtValidator {
    /** The configuration passed to the constructor, exposed read-only. */
    readonly options: IJwtValidationOptions;
    private readonly logger?;
    private readonly jwksCache;
    /**
     * @param options - Validation configuration; see {@link IJwtValidationOptions}.
     * @param logger - Optional logger.
     */
    constructor(options: IJwtValidationOptions, logger?: ILogger);
    /**
     * Validates a JWT token using the configured options
     *
     * @param rawToken - The encoded token string to validate.
     * @param overrideOptions - Per-call values for `validateServiceUrl` and
     *   `validateScope` only; no other option can be overridden through this
     *   parameter.
     * @returns A promise of the decoded payload, or `null`. Presumably `null`
     *   means the token was rejected (confirm against the implementation);
     *   callers must check for `null` before reading any claim.
     */
    validateAccessToken(rawToken: string, overrideOptions?: Pick<IJwtValidationOptions, 'validateServiceUrl' | 'validateScope'>): Promise<JwtPayload | null>;
    private getJwksClient;
    private getSigningKey;
    private validateIssuer;
    private validateScope;
    private validateServiceUrl;
    private performCustomValidations;
}

/**
 * Builds a {@link JwtValidator} for Entra tokens.
 *
 * Note the argument order: `tenantId` comes first and `clientId` second, the
 * reverse of `createServiceTokenValidator` (`appId`, then `tenantId`). Both are
 * plain strings, so swapped arguments are not caught by the compiler.
 *
 * @param tenantId - Tenant identifier.
 * @param clientId - Application/client ID.
 * @param options - Optional tenant allow-list, required scope and logger.
 *   NOTE(review): how these map onto {@link IJwtValidationOptions} is not
 *   visible here; presumably `allowedTenantIds` feeds `validateIssuer` and
 *   `requiredScope` feeds `validateScope`.
 */
export declare const createEntraTokenValidator: (tenantId: string, clientId: string, options?: {
    allowedTenantIds?: string[];
    requiredScope?: string;
    logger?: ILogger;
}) => JwtValidator;

/**
 * Builds a {@link JwtValidator} for service tokens.
 *
 * @param appId - Application ID.
 * @param tenantId - Optional tenant identifier.
 * @param serviceUrl - Optional service URL.
 *   NOTE(review): whether omitting it skips service-URL validation is not
 *   visible in this declaration; confirm before relying on that check.
 * @param logger - Optional logger.
 */
export declare const createServiceTokenValidator: (appId: string, tenantId?: string, serviceUrl?: string, logger?: ILogger) => JwtValidator;