AttestationTokenValidationOptions interface

Package:

@azure/attestation

Options used to validate attestation tokens.

Remarks

If validateToken, validateNotBeforeTime, or validateExpirationTime are not provided, they are all assumed to be 'true'.

Properties

expectedIssuer	The expected issuer for the AttestationToken. Only checked if validateIssuer is set.
timeValidationSlack	Tolerance time (in seconds) used to accound for clock drift between the local machine and the server creating the token.
validateAttestationToken	Validation function which allows developers to provide their own validation functionality for the attestation token. This can be used to perform additional validations for signing certificate in AttestationSigner.
validateExpirationTime	If true, validate the expiration time for the token.
validateIssuer	If true, validate the issuer of the token.
validateNotBeforeTime	If true, validate the "not before" time for the token.
validateToken	If true, validate the attestation token, if false, skip validation.

Property Details

expectedIssuer

The expected issuer for the AttestationToken. Only checked if validateIssuer is set.

expectedIssuer?: string

Property Value

string

timeValidationSlack

Tolerance time (in seconds) used to accound for clock drift between the local machine and the server creating the token.

timeValidationSlack?: number

Property Value

number

validateAttestationToken

Validation function which allows developers to provide their own validation functionality for the attestation token. This can be used to perform additional validations for signing certificate in AttestationSigner.

validateAttestationToken?: (token: AttestationToken, signer?: AttestationSigner) => undefined | string[]

Property Value

(token: AttestationToken, signer?: AttestationSigner) => undefined | string[]

Remarks

If there is a problem with token validation, the validateAttestationCallback function will return an array of strings indicating the set of problems found in the token.

validateExpirationTime

If true, validate the expiration time for the token.

validateExpirationTime?: boolean

Property Value

boolean

validateIssuer

If true, validate the issuer of the token.

validateIssuer?: boolean

Property Value

boolean

validateNotBeforeTime

If true, validate the "not before" time for the token.

validateNotBeforeTime?: boolean

Property Value

boolean

validateToken

If true, validate the attestation token, if false, skip validation.

validateToken?: boolean

Property Value

boolean