article by Frank Nimphius, November 2019
In Oracle Digital Assistant version 19.10 (Oracle Digital Assistant for Oracle SaaS) and later, a new Oracle Web SDK integrates Oracle Digital Assistant with web applications and web pages. In addition to its extensive functionality, the Oracle Web SDK supports client security through domain whitelisting and signed JSON Web Token (JWT). Once JWT client security is enabled for an Oracle Web channel, all messages to the web channel require a signed and valid token to be processed by the associated digital assistant.
This article explains how to create a JWT token for use with the Oracle Web SDK messenger. The provided sample follows the recommended security practice, which is to generate the token on a remote server and not in the browser application itself.
Sample Downloads
DISCLAIMER: The token server provided with this article is a sample and should NOT be put into production or exposed on the Internet. A token generator that you put into production e.g. should not get the user ID from the request URI as used in the sample. Instead the user ID must be obtained securely (or getting generated as a random unpredictable number or character sequence). In addition, the token generator should enforce domain restrictions so that it can only be called from known websites (Web SDK). The sample generator in this article is provided as an example for how to create and access a remote generator. Note that security is a complex and sensitive topic that requires an expert.
SDKClientAuthentication.zip (JWT server and test page)
AlfredoDynamicPasta sample skill
Related Content
TechExchange: All 2-Minutes Oracle Digital Assistant Tech Tip Videos on YouTube
