Secure Session

Secure session is currently supported in two ways, via a Baas call and via an AuthProfile. The secure session is set at a bot level. Below is the configuration needed to set this up generically for a bot.

Enabling secure sessions on a bot via the cli

First find the bot you want to add secure session to. Take note of the bot Name.

You will need to then run the following command in the cli. sb-cli bot update bot.json

bot.json file looks like this

  "Name": "yourbotname",                // Your bot name
  "SecureSession": true,                // Enable secure session
  "SecureSessionConfig": {
    "ApiAlias": "secureSessionApi",     // The BAAS or AuthProfile alias you created previously
    "ErrorMessage": "Error message for when session is invalid",    // Invalid secure session error
    "ValidationInterval": "10",         // Validate session every 10 seconds
    "Type": "authProfile"               // The type of the secure session, currently baas and authProfile supported

This will enable secure session on the bot and checks every message ingested into the system. The call to the authorization service defined in the ApiAlias is made once we pass the ValidationInterval. So in the above scenario, if the 10 second Validation Interval has passed since the last time the session was validated against the authorization service, the session must be validated again, at which time the interval period of 10 seconds will be reset. If the session is invalid or a secure session is required, the ErrorMessage will be displayed to the user. In the case of an oauth2 authProfile a message containing the link for them to validate, will be displayed to the user.

Before the user has been signed in they will see a lock icon on the top right of messenger Unauthorized Once they have secured their session they will get a shield icon on the top right of messenger Authorized

Once your bot is configured for secure session, proceed to the creation of an Api Connector (Baas or AuthProfile)