【问题标题】:Microsoft Teams to ServiceNow IntegrationMicrosoft Teams 到 ServiceNow 集成
【发布时间】:2018-10-08 18:05:07
【问题描述】:

我目前正在尝试集成 Microsoft Teams 和 ServiceNow。我能够向团队发送 HTTP 请求并创建连接器卡(通过传入的网络挂钩连接器)。此卡有一个可操作的消息,它将执行 HttpPOST 返回到 ServiceNow 的处理器路径。在这个处理器中,我能够获得包含不记名令牌的授权标头,据我所知,这是一个 JWT 令牌。所以下面是我的问题:

1) 出于安全考虑,我应该验证此 JWT 令牌吗?我试图这样做,因为看起来我需要来自 MS Teams 的共享秘密,而我没有。 2)我这样做正确吗?也许我需要在 MS Teams 中设置一个提供客户端 ID 和 Secret 的机器人,然后在 ServiceNow 中设置 OAuth?

非常感谢您的意见!

【问题讨论】:

    标签: jwt servicenow bearer-token microsoft-teams


    【解决方案1】:

    请看Security requirements for actionable messages in Office 365

    这是Token Validation的C#示例代码:

    HttpRequestMessage request = this.ActionContext.Request;
    
        // Validate that we have a bearer token.
        if (request.Headers.Authorization == null ||
            !string.Equals(request.Headers.Authorization.Scheme, "bearer", StringComparison.OrdinalIgnoreCase) ||
            string.IsNullOrEmpty(request.Headers.Authorization.Parameter))
        {
            return request.CreateErrorResponse(HttpStatusCode.Unauthorized, new HttpError());
        }
    
        // Get the token from the Authorization header 
        string bearerToken = request.Headers.Authorization.Parameter;
    
        ActionableMessageTokenValidator validator = new ActionableMessageTokenValidator();
    
        // This will validate that the token has been issued by Microsoft for the
        // specified target URL i.e. the target matches the intended audience (“aud” claim in token)
        // 
        // In your code, replace https://api.contoso.com with your service’s base URL.
        // For example, if the service target URL is https://api.xyz.com/finance/expense?id=1234,
        // then replace https://api.contoso.com with https://api.xyz.com
        ActionableMessageTokenValidationResult result = await validator.ValidateTokenAsync(bearerToken, "https://api.contoso.com");
    
        if (!result.ValidationSucceeded)
        {
            if (result.Exception != null)
            {
                Trace.TraceError(result.Exception.ToString());
            }
    
            return request.CreateErrorResponse(HttpStatusCode.Unauthorized, new HttpError());
        }
    

    【讨论】:

      猜你喜欢
      • 2021-09-27
      • 1970-01-01
      • 1970-01-01
      • 2019-07-18
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2021-06-12
      相关资源
      最近更新 更多