Skip to content

feat: Enable configuration of the OpenIdmetadata's refresh interval #4877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: Enable configuration of the OpenIdmetadata's refresh interval #4877

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
90cdf28
Add tokenRefreshInterval to ConnectorClientOptions
ceciliaavila Apr 14, 2025
31555d2
Add unit tests
ceciliaavila Apr 14, 2025
60df819
Add documentation to new property.
ceciliaavila Apr 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 13 additions & 3 deletions libraries/botframework-connector/src/auth/jwtTokenExtractor.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,22 +34,32 @@ export class JwtTokenExtractor {
* @param metadataUrl Metadata Url.
* @param allowedSigningAlgorithms Allowed signing algorithms.
* @param proxySettings The proxy settings for the request.
* @param tokenRefreshInterval The token refresh interval in hours. The default value is 24 hours.
*/
constructor(
tokenValidationParameters: VerifyOptions,
metadataUrl: string,
allowedSigningAlgorithms: string[] | Algorithm[],
proxySettings?: ProxySettings,
tokenRefreshInterval?: number,
) {
this.tokenValidationParameters = { ...tokenValidationParameters };
this.tokenValidationParameters.algorithms = allowedSigningAlgorithms as Algorithm[];
this.openIdMetadata = JwtTokenExtractor.getOrAddOpenIdMetadata(metadataUrl, proxySettings);
this.openIdMetadata = JwtTokenExtractor.getOrAddOpenIdMetadata(
metadataUrl,
proxySettings,
tokenRefreshInterval,
);
}

private static getOrAddOpenIdMetadata(metadataUrl: string, proxySettings?: ProxySettings): OpenIdMetadata {
private static getOrAddOpenIdMetadata(
metadataUrl: string,
proxySettings?: ProxySettings,
tokenRefreshInterval?: number,
): OpenIdMetadata {
let metadata = this.openIdMetadataCache.get(metadataUrl);
if (!metadata) {
metadata = new OpenIdMetadata(metadataUrl, proxySettings);
metadata = new OpenIdMetadata(metadataUrl, proxySettings, tokenRefreshInterval);
this.openIdMetadataCache.set(metadataUrl, metadata);
}

Expand Down
6 changes: 4 additions & 2 deletions libraries/botframework-connector/src/auth/openIdMetadata.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,12 @@ export class OpenIdMetadata {
*
* @param url Metadata Url.
* @param proxySettings The proxy settings for the request.
* @param tokenRefreshInterval The token refresh interval in hours. The default value is 24 hours.
*/
constructor(
private url: string,
private proxySettings?: ProxySettings,
private tokenRefreshInterval: number = 24,
) {}

/**
Expand All @@ -39,8 +41,8 @@ export class OpenIdMetadata {
* @returns A `Promise` representation for either a [IOpenIdMetadataKey](botframework-connector:module.IOpenIdMetadataKey) or `null`.
*/
async getKey(keyId: string): Promise<IOpenIdMetadataKey | null> {
// If keys are more than 24 hours old, refresh them
if (this.lastUpdated < Date.now() - 1000 * 60 * 60 * 24) {
// If keys are older than the refresh interval (default 24 hours), refresh them
if (this.lastUpdated < Date.now() - this.tokenRefreshInterval * 1000 * 60 * 60) {
await this.refreshCache();

// Search the cache even if we failed to refresh
Expand Down
3 changes: 3 additions & 0 deletions libraries/botframework-connector/src/auth/parameterizedBotFrameworkAuthentication.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -306,6 +306,7 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
this.toBotFromEmulatorOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings,
this.connectorClientOptions?.tokenRefreshInterval,
);

const parts: string[] = authHeader.split(' ');
Expand Down Expand Up @@ -393,6 +394,7 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
this.toBotFromEmulatorOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings,
this.connectorClientOptions?.tokenRefreshInterval,
);

const identity: ClaimsIdentity = await tokenExtractor.getIdentityFromAuthHeader(
Expand Down Expand Up @@ -480,6 +482,7 @@ export class ParameterizedBotFrameworkAuthentication extends BotFrameworkAuthent
this.toBotFromChannelOpenIdMetadataUrl,
AuthenticationConstants.AllowedSigningAlgorithms,
this.connectorClientOptions?.proxySettings,
this.connectorClientOptions?.tokenRefreshInterval,
);

const identity: ClaimsIdentity = await tokenExtractor.getIdentityFromAuthHeader(
Expand Down
5 changes: 5 additions & 0 deletions libraries/botframework-connector/src/connectorApi/models/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,11 @@ export interface ConnectorClientOptions extends ServiceClientOptions {
* HTTP and HTTPS agents which will be used for every HTTP request (Node.js only).
*/
agentSettings?: AgentSettings;

/**
* Token refresh interval in hours used to determine when to refresh the token cache. The default value is 24 hours.
*/
tokenRefreshInterval?: number;
}

/**
Expand Down
37 changes: 36 additions & 1 deletion libraries/botframework-connector/tests/openIdMetadata.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ GOG4x32vEzakArLPxAKwGvkvu0jToAyvSQIDAQAB
assert.equal(foundKey.key, publicKey);
});

it('calls refreshCache if lastUpdated < (1000 * 60 * 60 * 24)', async function () {
it('calls refreshCache if lastUpdated < refreshInterval (default 24)', async function () {
let nockScope = setupNockCalls();

const openIdMetadata = new OpenIdMetadata(mockUrl + mockMetadataUrl);
Expand All @@ -93,6 +93,41 @@ GOG4x32vEzakArLPxAKwGvkvu0jToAyvSQIDAQAB
assert(nockScope.isDone(), 'nock calls not completed');
assert.equal(foundKey.key, publicKey);
});

it('calls refreshCache if lastUpdated > refreshInterval', async function () {
let nockScope = setupNockCalls();

const tokenRefreshInterval = 3; // 3 hours

const openIdMetadata = new OpenIdMetadata(mockUrl + mockMetadataUrl, null, tokenRefreshInterval);
let foundKey = await openIdMetadata.getKey(kid);
assert(nockScope.isDone(), 'nock calls not completed');

assert.equal(foundKey.key, publicKey);
openIdMetadata.lastUpdated = Date.now() - 1000 * 60 * 60 * 4;

nockScope = setupNockCalls();
foundKey = await openIdMetadata.getKey(kid);
assert(nockScope.isDone(), 'nock calls not completed');
assert.equal(foundKey.key, publicKey);
});

it('retrieves cached key if lastUpdated < refreshInterval', async function () {
let nockScope = setupNockCalls();

const tokenRefreshInterval = 3; // 3 hours

const openIdMetadata = new OpenIdMetadata(mockUrl + mockMetadataUrl, null, tokenRefreshInterval);
let foundKey = await openIdMetadata.getKey(kid);
assert(nockScope.isDone(), 'nock calls not completed');

assert.equal(foundKey.key, publicKey);
openIdMetadata.lastUpdated = Date.now() - 1000 * 60 * 60 * 2;

nockScope = setupNockCalls();
foundKey = await openIdMetadata.getKey(kid);
assert.equal(foundKey.key, publicKey);
});
});

function setupNockCalls() {
Expand Down
Loading