Authentication & Security
JWT Authentication
Token Structure
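```typescript
interface JWTPayload {
  userId: number;
  email: string;
  companyId: number;
  role: string;
  iat: number; // issued-at time, seconds since the Unix epoch
  exp: number; // expiry time, seconds since the Unix epoch
}
```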
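One way a service could verify a token and check its claims against the `JWTPayload` shape above (an added example, not the project's own code). It assumes HS256 with a shared secret; `signToken`, `verifyToken` and all sample values are hypothetical.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

interface JWTPayload {
  userId: number; email: string; companyId: number; role: string; iat: number; exp: number;
}

const enc = (o: object): string => Buffer.from(JSON.stringify(o)).toString("base64url");
const hmac = (data: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(data).digest();

// Helper for the example: mint a token over constructed sample data.
function signToken(payload: object, secret: string, alg = "HS256"): string {
  const head = enc({ alg, typ: "JWT" });
  const body = enc(payload);
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString("base64url")}`;
}

// Returns the typed payload, or null if the token is not acceptable for any reason.
function verifyToken(token: string, secret: string, nowSec: number): JWTPayload | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: the token header must not choose how it is verified.
    if (JSON.parse(Buffer.from(head, "base64url").toString()).alg !== "HS256") return null;
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, "base64url");
    // Constant-time comparison; lengths must match before timingSafeEqual is called.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    // Only after the signature checks out is the payload parsed and trusted.
    const p = JSON.parse(Buffer.from(body, "base64url").toString());
    const ints = ["userId", "companyId", "iat", "exp"].every((k) => Number.isInteger(p[k]));
    const strs = typeof p.email === "string" && typeof p.role === "string";
    if (!ints || !strs) return null; // claim missing or of the wrong type
    if (p.exp <= nowSec || p.iat > nowSec) return null; // expired, or issued in the future
    return p as JWTPayload;
  } catch {
    return null; // malformed JSON in header or payload
  }
}
```

Checking `companyId` and `role` for presence and type at verification time keeps downstream authorization code from acting on an undefined tenant or role.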
Usage
- API endpoint protection
- MCP server authentication
- Commercial API integration
- Callback token generation
Security Measures
| Measure | Description |
| --- | --- |
| Request Validation | All inputs validated using class-validator |
| File Validation | File type and size restrictions |
| User Authorization | Role-based access control |
| Token Management | Secure JWT generation and validation |
| Environment Security | Sensitive data in environment variables |
Slack
- Signing secret validation
- OAuth token management
- User email verification
Teams
- Bot framework authentication
- Azure AD integration
- Tenant isolation