Open yashgandhi-32 opened 2 hours ago
Hi @yashgandhi-32! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies.
Best regards, Teams Platform
Description: I am using CloudAdapter from the botbuilder package and the createBotFrameworkAuthenticationFromConfiguration method for authentication. However, when I send a request with a malfunctioned JWT token, the request is not rejected by the SDK. I need guidance on how to secure the server to reject any requests that do not originate from Azure Bot Service.
Here’s a snippet of the authentication setup:
Question: How can I ensure that only valid requests from Azure Bot Service with proper JWT tokens are accepted, and any malformed requests are rejected? Is there additional validation or middleware I should implement?