Skip to content

Docs: layered trust model for JWT validation#2850

Open
corinagum wants to merge 1 commit into
mainfrom
cg/jwt-trust-boundary
Open

Docs: layered trust model for JWT validation#2850
corinagum wants to merge 1 commit into
mainfrom
cg/jwt-trust-boundary

Conversation

@corinagum
Copy link
Copy Markdown
Collaborator

@corinagum corinagum commented May 20, 2026
edited
Loading

Summary

Adds a Trust Model page under Essentials → App Configuration documenting the layered authentication model the SDK uses for inbound JSON Web Tokens.

Why

A scanner flagged the SDK's JsonWebToken accessor class because it does not perform signature verification at the point of token parsing. A cross-SDK audit confirmed this is intentional architecture: signature verification runs at the HTTP boundary (via the activity pipeline's token validator), and the accessor class is a typed view over already-validated payloads. Every consumer of decoded claims is downstream of a validator pass.

This page makes the architectural invariant explicit for SDK consumers, reviewers, and future contributors.

What's covered

  • What the SDK validates automatically on /api/messages (signature, issuer, audience, lifetime, algorithm)
  • What downstream code can rely on (typed accessors over validated tokens)
  • How to add custom authentication to non-default surfaces (MCP, callbacks, webhooks) — references the requireAuth hook recently added in Security hardening: MCP server auth teams.ts#540 / Security hardening: MCP server auth teams.net#448
  • Anti-patterns to avoid (constructing the accessor from untrusted input as a basis for authorization decisions)

Build verified

npm run build clean.

Related PRs

@corinagum
Add Trust Model essentials page
2846cbb 
Documents the layered authentication model: the SDK validates inbound JWTs at
the HTTP boundary, downstream handlers operate on already-validated tokens via
typed accessors, and bots are responsible for authenticating custom surfaces
(MCP, callbacks, webhooks).

Resolves the documentation gap raised by security finding #6, which flagged
the JsonWebToken accessor class for not performing signature verification.
Verification is intentionally separated from the accessor; this page makes
the architectural invariant explicit for SDK consumers.
This was referenced May 20, 2026
Open
Open
Open
@corinagum corinagum marked this pull request as ready for review May 22, 2026 23:15
Copilot AI review requested due to automatic review settings May 22, 2026 23:15
Copilot AI reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new documentation page under Essentials → App Configuration explaining the SDK’s layered authentication/trust model for inbound JWTs, clarifying that signature/issuer/audience/lifetime checks happen at the HTTP boundary and downstream accessors are “validated-payload views”.

Changes:

  • New “Trust Model” page documenting what /api/messages validates and what downstream code can assume.
  • Guidance on extending the same trust posture to custom HTTP surfaces (MCP/callbacks/webhooks) and anti-patterns to avoid.

Comment thread teams.md/src/pages/templates/essentials/app-configuration/trust-model.mdx
Comment on lines +1 to +6
---
sidebar_position: 2
title: Trust Model
summary: How the Teams SDK validates inbound tokens and what you can rely on downstream
languages: ['typescript','python','csharp']
---
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@corinagum