How to hide directline secret and pass token in BotFramwork Node.js webchat

1
votes

I am new to node.js. I have hosted below Webchat version on my server and modified directline keys and speech api keys according to my need.

https://github.com/Microsoft/BotFramework-WebChat/tree/master/samples/speech

The problem here is that currently, i have hardcoded the secret key in below code, instead of which i want to generate directline token and pass it.

BotChat.App({
        bot: bot,
        locale: params['locale'],
        resize: 'detect',
        speechOptions: speechOptions,
        user: user,
        directLine: {
          secret: 'my secret goes here',
          webSocket: params['webSocket'] && params['webSocket'] === 'true' // defaults to true
        }
}, document.getElementById('BotChatGoesHere'));

How to achieve this?

Thanks in advance.

2
node.jsbotframeworkdirect-line-botframework
docs.microsoft.com/en-us/bot-framework/rest-api/… - Nicolas R

2 Answers

0
votes

You need to implement Token refresh mechanism

curl -X POST \
https://directline.botframework.com/v3/directline/tokens/generate \
-H 'authorization: Bearer direct_line_secret' \
-H 'cache-control: no-cache' \ -H 'postman-token: 596bb603-b6f6-4802-c868-bb2055e7cd44'

and you should get response as shown below

which you can feedback token to your direct line app

{ "conversationId": "5pCw0I1VZxD64AZmNR624I", "token": "lqBRp7neCNM.dAA.NQBwAEMAd.DtSAr-V81AE.8WGDZ-O0H4E.CT4ZIuIqHR1AvN8Byb0ewzF4eE", "expires_in": 1800 }

Refer Here for more

-1
votes

You can also use the dotenv module from npm.

This allows you to 'hide' your key and will look something like this:

BotChat.App({
    bot: bot,
    locale: params['locale'],
    resize: 'detect',
    speechOptions: speechOptions,
    user: user,
    directLine: {
      secret: process.env.DIRECT_LINE_SECRET,
      webSocket: params['webSocket'] && params['webSocket'] === 'true' // defaults to true
    }
}, document.getElementById('BotChatGoesHere'));

Hope that helps!