An Interest In:
Web News this Week
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
August 18, 2021 09:36 pm GMT
Original Link: https://dev.to/foga/verifying-google-chat-request-in-nodejs-36i
Verifying Google Chat request in NodeJS
Google Chat includes a bearer token in the Authorization header of every HTTPS Request to a bot. For example:
POSTHost: yourboturl.comAuthorization: Bearer %JWT%Content-Type: application/jsonUser-Agent: Google-Dynamite
Decoded JWT token by jwt.io
Header:
{ "alg": "RS256", "kid": "424189bd9a18927f7ee924f1a100601f1524f441", "typ": "JWT"}
Payload:
{ "aud": "1234567890", "exp": 1629047990, "iat": 1629044390, "iss": "[email protected]"}
All bearer tokens sent with requests from Google chat will have [email protected] as the issuer, with the audience field specifying the target bot's project number from the Google API Console. For example, if the request is for a bot with the project number 1234567890, then the audience is 1234567890. [Verifying bot authenticity]
- Extract the KID from the header:
424189bd9a18927f7ee924f1a100601f1524f441
Use the KID to find the matching public key in the JWKS (JSON Web Key Set) endpoint https://www.googleapis.com/service_accounts/v1/jwk/[email protected]:
{ "keys": [ { "use": "sig", "e": "AQAB", "kid": "7a06148a68d82d07a216be41934650062179cab2", "kty": "RSA", "n": "oIGHec8npfK8EG3kVj72jN8WKSGc-8QLMlT6Su_ie7D3AIHM6y-0Sj1OlEw6oIpWGE6oRCczm58uV2-AIOd-CXBWU-1fRMHCM36VpbicKgGKAH_HkRYDtpfCXXoZm5xtGPqV2EzE0OgOvY8_G829sCWM0HBuZdUnS7YDXq51N-Vj2NaFHSlvMZXfYKcZZ_c6oRuvTFWAGg-ce5AzFEusI8cJpjs3lTMQdmUqRC27Jr3wpvHsw51axcohwQ3WoMSnkWsptffnVaXhtHyRyXdUB4c70jb4Ytgr7ZRl33sYw9GmppXX49MJp_c5pxjr1t_tMRiOzmhfZcp-txOCqO653Q", "alg": "RS256" }, { "n": "p1PCbDFnlDBaoDR7qlDxnZvSUHEoOlkrs1k5pTX3gKsgjdkj3CDkkJLKwziaNHhGE85pVwNZQb3DxtyjpOe9Bp9mKtTz1arDBYkaN6uNeCVVz41SO-6bXAKhdwzPQGobKe4N9g35nC85QhlmSbPuJuxr3Wmmz88w-keQAvaYOWm16P-zl8Dg5XQ2JXUVaUmEUv4dv2A3bE2BFBTYicJoLRQBX-oNk0K9wXokcmlGPS_NcjjCIcjWCYK8JWUMuWqnZCCBQVL3xfLt5ED4aC9SnpZ47bbEVrvUWe_7by4CqQ101DAbTg4VjLHSnIU8zmdCgfjA7dtfGg0NSulmNloCMw", "kty": "RSA", "alg": "RS256", "kid": "424189bd9a18927f7ee924f1a100601f1524f441", "e": "AQAB", "use": "sig" } ]}
Verify JWT token using corresponded public key and passing audience and issuer options.
Complete solution
Dependencies
- jsonwebtoken@8.5.1
- jwks-rsa@2.0.4
import { NextFunction, Request, Response, Router } from 'express';import jwt from 'jsonwebtoken';import { JwksClient } from 'jwks-rsa';const GOOGLE_CHAT_PROJECT_NUMBER = '1234567890';const jwksClient = new JwksClient({ jwksUri: 'https://www.googleapis.com/service_accounts/v1/jwk/[email protected]', cache: true,});const router: Router = Router();router.post('/google-chat/events', verificationRequestMiddleware(), async (req, res) => { // process google chat event});function verificationRequestMiddleware() { return async (request: Request, response: Response, next: NextFunction) => { const isVerified = await verifyRequest(request); if (!isVerified) { throw new UnauthorizedError('Authentication failed'); } return next(); };}async function verifyRequest(request: Request): Promise<boolean> { const prefix = 'Bearer '; const authHeader = request.header('Authorization') as string; const token = authHeader?.startsWith(prefix) ? authHeader.slice(prefix.length) : null; if (!token) { return false; } return new Promise<boolean>((resolve, reject) => { const getKey = (header, callback) => { jwksClient.getSigningKey(header.kid, (err, key) => { const signingKey = key.getPublicKey(); callback(null, signingKey); }); }; jwt.verify( token, getKey, { audience: GOOGLE_CHAT_PROJECT_NUMBER, issuer: '[email protected]' }, (err: any, decoded: any) => { if (err) { reject(false); } else { resolve(true); } } ); }); }
Original Link: https://dev.to/foga/verifying-google-chat-request-in-nodejs-36i
Share this article:
Tweet
View Full Article
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To