AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

Verifying MS Teams token #567

Open StruyveMattice opened 1 year ago

StruyveMattice commented 1 year ago

Hello

I am building an Ask ChatGPT button in my Teams channel for when a K8s alert comes in. When pressing the button, a POST request is sent to a GCP Cloud Function. In that Cloud Function I want to do some authentication, because the OpenAI API request is done there.

When you do a POST request in an MS Teams channel, your Azure AD bearer token is passed along. So my question is: Is there a way to validate that Azure AD bearer token in my GCP Cloud Function?

bgavrilMS commented 1 year ago

What do you need the token for? Is it a token issued by AAD for your own Web API (that happens to be hosted in GCP)? If it's not intended for your web api, but it's intended for Teams backend service or Graph etc., then you are not supposed to validate it.

@jmprieur @rayluo - what do you suggest for token validation in PY in general?

rayluo commented 1 year ago

> what do you suggest for token validation in PY in general?

I suppose it would be sufficient to use some kind of "vanilla token validation" based on the JWT signature, plus verifying some claims based on the receiving app's business need. Perhaps we may provide a sample for this as a stopgap?

bgavrilMS commented 1 year ago

@jmprieur for token validation question.