I have my bot ready and working with Direct Line Secret in WebChat (by passing &s=SECRET in URL) and on other channels.
I am interested in the integration of front-end Custom Chat Application using Direct Line ClientJS (link at bottom).
After going through the documentation on Bot Framework I came to know that it can be done in 2 ways:
- Pass Direct Line secret from front-end Chat Application in ClientJS
- Passing Token from front-end Chat Application (But, this requires Direct Line Secret to be passed to generate token first time)
As I develop bots for my clients with their respective use-cases which need to be kept private with client servers.
So, anybody having Direct Line Secret can easily obtain Bots Logic (i.e Not actual code, but what answer bot replies to particular question) by just passing that Direct Line secret in Microsoft Bot Framework provided WebChat client (by passing s=SECRET in URL)
So, basically, how do I hide the secret from others?
Direct Line Client : https://github.com/Microsoft/BotBuilder-Samples/tree/master/Node/core-DirectLine
Authentication Mechanism : https://docs.microsoft.com/en-us/bot-framework/rest-api/bot-framework-rest-direct-line-3-0-authentication
Programming Languages:
- FrontEnd - Angular.js with Typescript
- Backend - Node.js on Heroku