2 min read

Adding JWT Auth To Rasa SocketIO Chatbot

Adding JWT Auth To Rasa SocketIO Chatbot
Photo by regularguy.eth / Unsplash

In this blog post we are going to talk about how to take your existing or new Rasa chatbot and ensure it has JWT auth setup for the Rasa Chat Widget which uses SocketIO for the connection.  If you don't specify a jwt_key option it won't be secure and anyone could technically communicate to your bot if its public.

So instead we want to use JWT auth with Rasa and a channel connector Rasa Chat Widget which only will allow our web chat instance we provide the proper key information with to work.

Creating JWT Token

First things first we need to generate a JWT token, we can use https://jwt.io/ to accomplish this.

You will notice from the image here we have setup a payload data with just the sender_id setup which I think is required from testing in order to work.  The other thing you will want to do is in the section here where you see testing you will want to setup a secure long secret to be used for this.

This is then the same value you will use in the credentials.yaml file for Rasa and supply that secret value for jwt_token in the config like:

  user_message_evt: user_uttered
  bot_message_evt: bot_uttered
  session_persistence: true
  jwt_key: testing
  jwt_method: HS256

Ensure you don't put this value in version control and I would recommend setting this up as a env var type setup.

Setting Up Web Chat

Now we can take the encoded value we got from the previous step above which is on the left side of the screenshot.  We want to put this into the Rasa Web Chat configuration like so in order for the bot to communicate and allow it to work:

    <div id="rasa-chat-widget" data-websocket-url="http://localhost:5005" data-token="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZW5kZXJfaWQiOiJyYXNhLWNoYXQtd2lkZ2V0In0.DmbUTmvTQAXZGmAsiKWbzhuxRk3IfSecWDZ2brSKakE"></div>
    <script src="https://unpkg.com/@rasahq/rasa-chat" type="application/javascript"></script>

Now if we do a rrasa run --cors '*' or whatever you want to use for cors and you should now be able to talk to your bot locally through the web chat widget.

Now when you deploy this to say Kubernetes via helm, you can just use this same SocketIO config in the values setup.  Now only things with the proper encoded jwt setup with the secret will actually be able to work.

Hopefully this helps clear up a little bit how this works, this is completely seperate from the http api and the --jwt-auth flag in the rasa run command as a FYI, so that is another thing you can also setup.