Authentication of Rasa core for WebChat UI or Socketio

I have developed bot for my organization, right now I am using WebChat widget(html script) using socketio channel. I am serving widget to internal network using node server but widget directly communicate with rasa core using socket url. I know rasa server provide buit in jwt authentication but I am not sure how can I use that with webchat widget and let me know other ways in which I can secure connection to rasa core while using socketio channel even if I decide to use different frontend. Thank you.

1 Like

We offer two two built in authentication methods: token based authentication and JWT based authentication. For more information on how to use them, please read our documentation: Running the Server.

If the documentation does not help, can you please describe in more details what exactly you need to know? Thanks.

Thank you for reply. I know about the methods but with the rest requests you can add the token and stuff but when using the socket io channel for rasa core, how do you use the token for authentication does it need to be added with each request of socket or when you first connect to socket io and if so then what is the proper way of doing it because I think webchat widget doesn’t provide authentication functionality yet. please let me know if you want more information.

You need to provide the token for authentication with every request you do against the Rasa server.

As I’m not so familiar with socket io and webchat, I cannot tell you if there is any other way. If you need more support, I’ll check with one of my colleagues.

Hello! Anyone already implemented this scenario ? I am interested how to pass the authentication token on a custom socket channel for the Rasa Core!

Thanks.

Hi! I’m also wondering about the same questions @rajp4690 has mentioned. Very lost about this scenario as well.

Hi, Please give an update on this. thank you.

I guess, the functionality did not changed. Can you explain again what you need to know as the last request is already quite old? Thank you!

If we want to add one of the 2 authentication methods to the Rasa Webchat (which uses SocketIO), how can we integrate the two?

It is still the same, For REST channel it is possible to use JWT with api calls to core server for authentication, for Socket channel as it connect directly to the core server, How does the server authenticate socket connection when it connect the first time(with JWT? or any other way) and then all the conversation between client and core happen directly through socket (No api calls can be seen in network tab of browser as well while conversation is happening once socket is connected) so probably authenticating client request when connection request comes to server first time would be a way to go. Is there mechanism behind the scene core server is using for authentication of socket?

Here is the thread with the similar situation but person moved to Rest at the end: Core Server Security

Hi there, we currently don’t support authentication in either the REST or the socketio input channels. We’re looking into adding that soon though (see Secure API using a JWT instead of token auth · Issue #4379 · RasaHQ/rasa · GitHub).

If you need input-channel authentication in the meantime, one option would be to run your own microservice that performs the JWT auth and if successful forwards requests to your input channel.

JWT can be implemented in rest customer connetor with PyJwt.

@custom_webhook.route("/bot_auth", methods=["POST"])        
        async def auth_token(request: Request):                        
            if not request.json:
                return response.json({"error":"Missing sender"}, 400)
            
            sender_id = await self._extract_sender(request)
            utcnow = datetime.utcnow() + timedelta(seconds=-5)
            expires = utcnow + timedelta(hours=24)                     
            try:
                payload = {'iat': utcnow,'sender_id': sender_id, 'role':'user', 'exp':expires}
                bot_token = jwt.encode( payload,
                                    'thisismysecret', 
                                    algorithm='HS256').decode("utf-8")
            except Exception as e:
                return response.json({'error':str(e)}, 400)
            return response.json({"bot_token":bot_token}, 200)

decorator function required for authentication

1 Like