When I create a bot in Slack, I can use channel configuration on Azure Bot Service to receive event/message from Slack and communicate with my Web App Bot which handles various functions.
However, when I create a bot in a chat service which is not supported in channel configuration (e.g., Discord), I need to set up a client in my Web App Bot (e.g., Discord.Net) to communicate with the service.
Then, although I guess the Direct Line channel (REST API) will handle communication between the Web App Bot and Bot Service, but am not sure if it's correct. Is my assumption right?
Also, it is not clear for me if there's an advantage of using Bot Service in this situation, because simply I may host an individual web app on Azure or another location and let it communicate with the chat service. Why do I need to add one more service to handle?
I suppose that one possible advantage could be that I can easily access various features (e.g., LUIS) via the Bot Service. Also, the bot can handle various platform like Skype or Cortana with one code.
But still I don't really understand this topic. Could anyone give me a suggestion and best practice?
Below is my current understanding, it could be wrong though.
Directline API isn't the easiest to work with, and making a Bot Framework bot work with Discord is going to take a good amount of work. But the purpose of the Directline is to be the connection between your bot (Azure Bot Service/Web App Bot) and Discord. To use the Directline API, you're going to:
1) Get your directline secret by registering your bot on Azure (Azure Bot Services)
2) Create your directline object, using above secret (this is the line of communication between ABS and Discord)
3) Use your directline object to POST activities to the bot from the user and Listen for activities from the bot
4) Additional purposes not related to conversation: your directline object will monitor connection status of your websockets, and keep the token refreshed for the conversations
The Directline-js repo has a good README and code samples, but bear in mind that the framework is constantly being improved. As of this writing, there are 8 pull requests waiting for review for the repo.
The AI Help Website wrote a preview back in July 2018 (before the release of v4) on how to use the Directline API with C#
And finally, the official documentation for the Directline API is here
As for connecting your bot with Discord, the Discord API reference has instructions on how to get your authorization token here.
Related
Hi I'm trying to enable the direct line speech channel with my chatbot developed in node js. I have done the settings by following https://learn.microsoft.com/en-us/azure/bot-service/bot-service-channel-connect-directlinespeech?view=azure-bot-service-4.0 also webchat sample taken from https://github.com/microsoft/BotFramework-WebChat/tree/master/samples/03.speech/a.direct-line-speech. I'm getting the html page with microphone and the speech is converted to text but when send that is not received in my app service endpoint. Can someone guide me what may be wrong in my implementation.
or sharing any documentations that can help me in implementing this will also be very helpful.
Requirements:
We need to get the workspace and the bot installed into the workspace.
Get the bot connected into the Direct Line speech channel
Get the app services running and enable public access
Get the web app and connect it to the application services.
Build the static web app (HTML page) deploy it into the GitHub repository or any kind of repository. For this thread. Considered GitHub.
Launch the application in the browser.
Get the token from the created bot and use them to connect with bot created.
Output:
The following is the output achieved in the browser.
I'm building a bot hosted on Azure and using firebase for cloud functions (ie proactive messaging, collating data etc.) and for cloud firestore db.
Sorry as I'm a bit new to security and please feel free to just link to any useful resources on the below.
Within my bot code I'm using the admin SDK to access firebase. The bot will have no created users. Firestore rules therefore block read and write access to everyone (as admin SDK still has full access).
I have a couple of questions about security:
Is using the admin SDK in this manner (on the bot side) fine? It looks a bit mixed on the firebase documentation - ie https://firebase.googleblog.com/2019/03/firebase-security-rules-admin-sdk-tips.html mentions only using these in trusted environments, which I think the bot should be?
Secondly I am trying to send messages from cloud functions to the bot itself. This will just be a post with no sensitive data attached but I would like to authenticate this on the bot side to check it is from the backend. Is there a way to use firebase to do this (ie authenticating on client?). How else can I do this? I've been a bit confused reading about JWTs and encoding etc.
Thanks
Is using the admin SDK in this manner (on the bot side) fine?
It's totally fine. You don't have security rules there but Cloud functions (or servers) are secure environments so no one can reverse engineer that. You should validate the incoming data yourself. If I assume you are using Discord.JS, then you can just read ID of author and authorize the user:
const {id} = message.author
// use this ID as an identifier
You don't have to worry about the ID being false as it's not being passed by any client. Just make sure you fetch resources of that specific user only.
I am trying to send messages from cloud functions to the bot itself. I would like to authenticate this on the bot side to check it is from the backend
You don't need to validate that. Anyone can send message through your bot only if they get your bot's token which is a secret on server/cloud function. You must make sure only you have it.
On looking at privacy for the bot I built using Microsoft Bot Framework I noticed this:
to provide the I/O service, the Bot Framework transmits your message and message content (including your ID), from the chat service you used to the bot.
I'm concerned about any messages that are sent to my bot being sent in the clear.
Has anyone considered and/or implemented encryption in order to maintain the privacy of the messages in their bot? Or does anyone have any other solution?
When you register your chatbot, it requires an https endpoint. So, your message won't be sent in the clear. Additionally, you must generate an API key and a private password key for secure access to your chatbot so that only the Bot Connector can communicate. Make sure you secure your private keys so no one else can access your chatbot.
As far as I understand, the Emulator is using the DirectLine API to talk to the locally hosted bot, i.e. with http://localhost:3978/api/messages.
How is this possible? To use DirectLine API one needs to
register its bot in the BotConnector
provide the Messaging endpoint
enable DirectLine API and generate DirectLine API secret
The emulator fulfills only the messaging endpoint requirement (http://localhost:3978/api/messages) but still it works perfectly. Why do other channels require BotConnector registration?
So, based on the podcast linked in the GitHub issue provided by #Ezequiel Jadib, the emulator is emulating BotConnector services and as such can directly communicate to the locally hosted bot.
Dan Driscoll explains it would be possible to avoid DiretLine API and talk directly to the bot, though this would mean operating outside the BotFramework ecosystem and you would need your way to deal with security (and probably other things as well)
I built my bot using Node.js. It is working fine on web chat and Skype.
Now I want to use direct line to communicate my web app with my bot. I am confused on how I can maintain the URL in my node.js app.
I am trying something like that:
https://directline.botframework.com/api/conversations/abc123/how%20are%20you/BotConnector/NsNT2RG8oNA.cwA.Emk.8yB_FdFCy18b4iTcxBscDRxQVAB
Here you will find a DirectLine Node.js sample that implements a client to talk with a Node.js bot.
Remember that you also need to enable DirectLine in the Bot Developer portal in order to get the DirectLine credentials.