How to verify JWT in middleware function dialogflow

Question

We are sending a HTTP Header with a JWT Token, we have configured this header in dialogflow console.

We want to verify this token in a previous step to send the request to a specific intent, for example welcome_intent.

We are using "middleware" as this previous step, and the verification is correct and it's applied to every communication. And we want to know, how

In case the JWT is wrong, we want to return an error and not continue with the associated intent, for example: welcome_intent.

We have tried to end the flow with "conv.close" in "middleware", but we have seen that the flow continues and it goes to the intent associated with the query.

How can we get out of the flow and return an error in the middleware function?

const {
    dialogflow
} = require('actions-on-google');

const fulfillment = dialogflow({
    clientId: "clientIdDialogflow",
    debug: true
});

const jwt = require('jsonwebtoken');

fulfillment.middleware(async (conv) => {
    let tokenIncorrect = await utils.verifyJWT(conv);
    if (tokenIncorrect) {
        conv.close("Lo siento pero no puedes continuar con la conversación.");
    }
});

// Intents functions 
fulfillment.intent("welcome_intent", .....);

Answer 1

You should be able to throw an UnauthorizedError to terminate the conversation inside intent handlers.

Here are some relevant docs with some example code: https://actions-on-google.github.io/actions-on-google-nodejs/2.12.0/classes/_service_actionssdk_conversation_conversation_.unauthorizederror.html

However, this won't work from a middleware. As you can see in https://github.com/actions-on-google/actions-on-google-nodejs/blob/9f8c250a385990d28705b3658364c74aa3c19adb/src/service/actionssdk/actionssdk.ts#L345-L350, middleware are applied before the UnauthorizedError handling wrapping the call to the intent handler: https://github.com/actions-on-google/actions-on-google-nodejs/blob/9f8c250a385990d28705b3658364c74aa3c19adb/src/service/actionssdk/actionssdk.ts#L370-L389

As implemented, middleware cannot be used to gracefully end fulfillment directly. You can, however, modify the conv object. For example, you could change the target intent (conv.intent = 'UNAUTHORIZED') in these cases and then add a handler for that intent that always throws an UnauthorizedError.