1

I might be missing this entirely in the documentation, but I'm looking for examples of passing authentication to and from Dialogflow.

The Dialogflow examples I find are open for all users, but I want the Dialogflow interaction to be logged into a specific authenticated user. I setup Google Cloud Identity and Firestore Auth, but I can not find good examples of how to move that authentication information securely through Dialogflow in its requests to the Firestore database. I am using NodeJS on the backend webhooks.

YKStacker
  • 45
  • 6

1 Answers1

0

There's no straight-forward option to authenticate a user for Dialogflow fulfillment. A suggestion to handle how to pass credentials and the webhook connection is as follows:

  1. The end-user authenticates to your server
  2. The server creates a new session for this conversation in Dialogflow (or validates the current session)
  3. Your server uses the payload field in the QueryParameters object in the detectIntent request to pass the necessary information to validate the user during the fulfillment
  4. Configure mTLS for your webhook to create a secure connection
  5. Use the payload data in the webhook request to authenticate the user

EDIT

When using Dialogflow-Messenger, you don't have access to the Dialogflow API directly; however, for the step 3, you can still pass a value to queryParams.payload through the user-id HTML customization.

user-id value in HTML customization

Here's an example of how to set it dynamically:

const dfMessenger = document.querySelector('df-messenger');
dfMessenger.setAttribute("user-id", YOUR_USER); // Sent to Dialogflow API through queryParams.payload
Tlaquetzal
  • 2,760
  • 1
  • 12
  • 18
  • That seems like a good solution, particularly with the mTLS secure connection. I'm curious if anyone sees any holes or issues with this approach. – YKStacker Nov 03 '20 at 23:51
  • How do I get the uid or other credentials from the session into the payload? In particular, if I am running the code in a Google Function, how would I load the credentials to be able to populate the payload? – YKStacker Nov 07 '20 at 05:43
  • It'd really depend on how you are authenticating the users and how you access the authentication data. For example, if you're using [callable functions](https://firebase.google.com/docs/functions/callable#write_and_deploy_the_callable_function) you will have the authentication information in the `context` object. You can then include it in the [detectIntent request](https://cloud.google.com/dialogflow/es/docs/reference/rest/v2/projects.agent.sessions/detectIntent), e.g., in the json body -> "queryParams" -> "payload", and later use it in the fulfillment webhook to authenticate the user – Tlaquetzal Nov 09 '20 at 19:33
  • In case you have specific doubts regarding these steps applied to your use case, for example, how to obtain authentication information from Firestore auth or how to use the sdk to authenticate the user, consider creating a new question and including your architecture details and doubts – Tlaquetzal Nov 09 '20 at 19:35
  • Do you know of anywhere with sample code I can follow? I'm open to other approaches, but I am currently authenticating the user using Google Cloud Identity on a simple web page. That authenticated-access-only web page has a Dialogflow Messenger on it. I'm not clear how to get the authentication credentials injected into the call from Dialogflow Messenger to Dialogflow. Then, I think I can get it to the Cloud Function from there, but a sample project or code would help tremendously. – YKStacker Nov 11 '20 at 04:45
  • I see. The approach I mentioned was not considering that you were already using an integration such as Dialogflow-Messenger. The integration handles the calls to the Dialogflow API, so it is normally not possible to add information to the call if the integration doesn't expose those fields for you. Fortunately, the Dialogflow-Messenger integration has a user-id field which works to send information in the queryParams payload. I edited the answer to include this. Regarding the code, I don't have a sample code to recommend here, but I also included a small snippet that can help – Tlaquetzal Nov 12 '20 at 14:35
  • @Tlaquetzal I have just tried that example for Dialogflow-Messenger, and printed out the request body and header but the user-id ( or anything else i've tried) does not appear. the only thing I managed to change was the session-id is there a reason for this? – Dev138 Jan 04 '21 at 13:36