Microsoft Bot Framework Direct Line API - get a token without publicly exposing it in Javascript

I'm creating a custom chat box on a WordPress site (hosted outside of Azure) for my bot using a Direct Line connector and JavaScript, and to start a conversation, I need to specify a Direct Line SECRET or TOKEN for my bot app.

To get the token, I have to make a REST call to https://directline.botframework.com/v3/directline/tokens/generate and add "Authorization: Bearer SECRET" to the header. I don't want to post this SECRET publicly in my JavaScript file, and I don't want to pass it as a URL parameter.

What are my other options? How do I get a token without exposing my bot's Direct Line SECRET to the client?

+3




1 answer


Unfortunately there is no workaround. Once your web page is served, all of its content, including all script files, is available for scrutiny by anyone who requests the page. The only way to hide your key is to use your server as a middleman and keep the secret there. Sorry for the rough drawing:

[Image: keep a secret]



If your entire project is a static page, then this means that significant work is required to set up the server. Fortunately, it's not as difficult to get a server running today as it was 10 years ago. If you are already familiar with JavaScript, you can quickly learn node.js. Then you can implement your server with a framework like express which will do most of the heavy lifting for you.

+1
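
The server-in-the-middle arrangement the answer describes, as an added example that is not part of the original answer: a small Node.js broker that keeps the Direct Line secret in its environment and hands the browser only the token. It uses Node's built-in `http` module rather than express so it has no dependencies; the path `/api/directline/token`, the environment variables `DIRECT_LINE_SECRET` and `ALLOWED_ORIGIN`, and the site `https://blog.example.com` are assumptions of this sketch.

```javascript
// Added example: server-side token broker. The Direct Line secret stays in the
// server's environment; the browser only ever receives the generated token.
const GENERATE_URL = 'https://directline.botframework.com/v3/directline/tokens/generate';

// allowedOrigin and fetchImpl are parameters of this sketch (fetchImpl is injectable for tests).
function createTokenHandler({ secret, allowedOrigin, fetchImpl = fetch }) {
  return async function handler(req, res) {
    const send = (status, body) => {
      res.writeHead(status, {
        'Content-Type': 'application/json',
        'Cache-Control': 'no-store', // tokens must not be cached by proxies or the browser
        'Access-Control-Allow-Origin': allowedOrigin,
        'Vary': 'Origin',
      });
      res.end(JSON.stringify(body));
    };
    if (req.method !== 'POST' || req.url !== '/api/directline/token') {
      return send(404, { error: 'not found' });
    }
    // Browsers send Origin on cross-site POSTs; refuse pages other than our own site.
    if (req.headers.origin !== allowedOrigin) {
      return send(403, { error: 'origin not allowed' });
    }
    try {
      const upstream = await fetchImpl(GENERATE_URL, {
        method: 'POST',
        headers: { Authorization: `Bearer ${secret}` },
      });
      if (!upstream.ok) throw new Error(`Direct Line returned ${upstream.status}`);
      const { token, conversationId, expires_in } = await upstream.json();
      // Forward only the fields the client needs; never echo upstream bodies or errors.
      return send(200, { token, conversationId, expires_in });
    } catch (err) {
      console.error('token exchange failed:', err.message);
      return send(502, { error: 'token service unavailable' });
    }
  };
}

// Start the broker only when a secret is configured, e.g.
// DIRECT_LINE_SECRET=... ALLOWED_ORIGIN=https://blog.example.com node broker.js
if (process.env.DIRECT_LINE_SECRET) {
  const handler = createTokenHandler({
    secret: process.env.DIRECT_LINE_SECRET,
    allowedOrigin: process.env.ALLOWED_ORIGIN || 'https://blog.example.com', // placeholder site
  });
  import('node:http').then(({ createServer }) => createServer(handler).listen(3000));
}
```

The Origin check only stops other sites' pages from using the broker from a browser; it is not authentication, so rate-limit the endpoint as well. What the client receives is a token that expires and is tied to one conversation, not the secret itself.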

