@xieofxie xieofxie commented Jan 9, 2024

This PR provides an alternative and more secure way to pass a client token to the bot application via the token service, instead of the current demo approach, which directly sends the token as a channel event.

Clients now leverage a SAS feature in the token service to create a short-lived SAS session to set the token into, and the token service will forward that to the bot.

No changes are required for the bot application. This doesn't change when and where the bot is waiting for the token. This only impacts the path from client to bot.
 

Fixes #

Changelog Entry

Description

Design

Specific Changes

-

  • I have added tests and executed them locally
  • I have updated CHANGELOG.md
  • I have updated documentation

Review Checklist

This section is for contributors to review your work.

  • Accessibility reviewed (tab order, content readability, alt text, color contrast)
  • Browser and platform compatibilities reviewed
  • CSS styles reviewed (minimal rules, no z-index)
  • Documents reviewed (docs, samples, live demo)
  • Internationalization reviewed (strings, unit formatting)
  • package.json and package-lock.json reviewed
  • Security reviewed (no data URIs, check for nonce leak)
  • Tests reviewed (coverage, legitimacy)

@boydc2014 boydc2014 changed the title from "sas sso demo" to "Securely pass token from client to bot via token service" on Jan 25, 2024