Direct Line API Microsoft Bot Framework - Get token without exposing secret publicly in Javascript
I'm creating custom chat window on a wordpress site (hosted outside Azure) for my bot using Direct line connector and Javascript, and to start conversation I need to specify Direct line SECRET or a TOKEN for my bot app.
To get a token i have to make a REST call to https://directline.botframework.com/v3/directline/tokens/generate and add to header "Authorization : Bearer SECRET". I don't want to expose that SECRET publicly in my javascript file and I don't want to pass it as a URL parameter.
What are my other options? How to get token without exposing my bot Direct line SECRET to client?
There is no front end solution, unfortunately. After your web page is served, all of its contents including all script files are available to be scrutinized by anybody who requested the page. The only way to hide your key is to use your server as a middle man, and store the secret there. Sorry for the crude drawing:
If your entire project is a static page, then this means substantial work is needed to set up a server. Thankfully, it's not as difficult to get a server up and running today as it was 10 years ago. If you're already familiar with JavaScript, then you'll be able to learn node.js quickly. Then, you can implement your server with a framework such as express which will do a majority of the heavy lifting for you.
- JavaScript Standard Style does not recognize Mocha
- How to do bitwise AND in javascript on variables that are longer than 32 bit?
- How to log JavaScript objects and arrays in winston as console.log does?
- jQuery prevent change for select
- Puppeteer - how to execute for loop synchronously
- Is there any way to set defaults in supertest?
- Nodejs AsyncLocalStorage getStore() return undefined
- React - Prevent Event Trigger on Parent From Child
- How do I convert this javascript into JSON
- Calendar Event Time Incorrect in Script despite Correct Formatting in Google Sheets
- JS Regex MatchAll with combination of Comma & Semicolon
- http://localhost/undefined 404 (Not Found)
- Validating an array's length against another array's length using joi
- Firestore React Js Increment Value by FieldValue without Google Cloud Function
- window.open from a https to http, and from https to http
- React and Tailwind Positioning an Item on Hover within DOM
- Uncaught TypeError: number 0 is not iterable (cannot read property Symbol(Symbol.iterator)) -> Material UI Error
- new Date().getFullYear() in React
- The number is not clearing up after submission even if other fields do clear up
- Date Milliseconds same for two dates
- Is it possible to only show half of a SVG icon?
- Smooth scrolling when clicking an anchor link
- Is it safe to resolve a promise multiple times?
- How can I use Axios with Server-sent events (SSE) in the browser?
- ServiceNow Printing lines from an array in an UI page
- What is the length of bcrypt hash output?
- Handling Audio blobs sent through mediarecorder in JS through python server script for azure service
- Updating javascript object property?
- How do I modify Stumbleupon URL's and provide a direct link to the content page?
- Conflict: Multiple assets emit to the same filename