Merge pull request #9547 from microsoft/southworks/fix/jwt-decode-import

fix: [#9543] Composer does not recognize valid bearer token

Composer/packages/server/src/directline/middleware/__tests__/createBotFrameworkAuthentication.test.ts

@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 import * as jwt from 'jsonwebtoken';
+import { decode } from 'jsonwebtoken';
 
 import {
   usGovernmentAuthentication,
@@ -36,9 +37,9 @@ describe('botFrameworkAuthenticationMiddleware', () => {
     mockNext.mockClear();
     mockEnd.mockClear();
     mockStatus.mockClear();
-    (jwt.decode as jest.Mock).mockClear();
+    (decode as jest.Mock).mockClear();
     (jwt.verify as jest.Mock).mockClear();
-    (jwt.decode as jest.Mock).mockImplementation(() => ({
+    (decode as jest.Mock).mockImplementation(() => ({
       header: {
         kid: 'someKeyId',
       },

Composer/packages/server/src/directline/middleware/createBotFrameworkAuthentication.ts

@@ -3,6 +3,7 @@
 
 import * as jwt from 'jsonwebtoken';
 import * as express from 'express';
+import { decode } from 'jsonwebtoken';
 import { StatusCodes } from 'http-status-codes';
 
 import { authentication, usGovernmentAuthentication, v31Authentication, v32Authentication } from '../utils/constants';
@@ -21,7 +22,7 @@ export const createBotFrameworkAuthenticationMiddleware = () => {
     }
 
     const [authMethod, token] = authorization.trim().split(' ');
-    const decoded: any = /^bearer$/i.test(authMethod) && token && jwt.decode(token, { complete: true });
+    const decoded: any = /^bearer$/i.test(authMethod) && token && decode(token, { complete: true });
 
     if (!decoded) {
       res.status(StatusCodes.UNAUTHORIZED).end();