Skip to main content

Notifications

Publish & Channel Management
Unanswered

Web Channel Security Not Working in Copilot Studio

Posted on by 2

Hello Community Members,

I hope you’re all doing well! I’ve been using Microsoft Copilot Studio to build and deploy my chatbot on our custom website app. However, I’ve encountered an issue related to web channel security.

Here are the details of the problem:

  1. Issue: Web channel security is not functioning as expected. It works sometimes and not others. 
  2. Scenario: I want to restrict access to my bot using the secret and tokens. but I often get a 403 Forbitten error when fetching the token. we tested different bots with the following dummy implementation (note we will do all the server site security configuration just did it this way for testing:  

 

 

 

 

 var chatWindow = document.getElementById('chatWindow');
 
 var secret ='secret put here';

fetch('https://directline.botframework.com/v3/directline/tokens/generate', {
 method: 'POST',
 headers: {
 'Authorization': 'Bearer ' + secret
 }
})
.then(response => response.json())
.then(data => {
 var chatWindow = document.getElementById('chatWindow');
 chatWindow.src='https://copilotstudio.microsoft.com/XXXXXXXXXXXXXXXXXXXXXXXXXXXX&token=' + data.token;
})
.catch(error => console.error('Error:', error));

 

 

 

 

 

  • Desired Outcome: I’d like to ensure that only authenticated requests can interact with my bot via the web channel and that the bot can retrieve and pass on the tokens.

Questions:

  • Has anyone been able to use the Direct Line API 3.0?
  • Are there any additional steps I need to take to enforce web channel security effectively?
  • adilei Profile Picture
    adilei on at
    Re: Web Channel Security Not Working in Copilot Studio

    If it's an intermittent issue, try raising a case with support. I'm seeing a similar (older) issue here: Error with Power Virtual Agent Bot: Site Missing code 403 from https://directline.botframework.com/v3/directline/conversations · Issue #4625 · microsoft/BotFramework-WebChat (github.com)

  • yukiko0219 Profile Picture
    yukiko0219 5 on at
    Re: Web Channel Security Not Working in Copilot Studio

    I am trying to connect copilots in the US. (my conversation id also ends in "-us")

  • adilei Profile Picture
    adilei on at
    Re: Web Channel Security Not Working in Copilot Studio

    Are you trying to connect to copilots/bots in different regions?

  • yukiko0219 Profile Picture
    yukiko0219 5 on at
    Re: Web Channel Security Not Working in Copilot Studio

    I am also facing a similar issue.

     

    Following is an example from https://github.com/microsoft/BotFramework-WebChat:

     

    import React, { useMemo } from 'react';
    import ReactWebChat, { createDirectLine } from 'botframework-webchat';
    
    export default () => {
     const directLine = useMemo(() => createDirectLine({ token: 'YOUR_DIRECT_LINE_TOKEN' }), []);
    
     return <ReactWebChat directLine={directLine} userID="YOUR_USER_ID" />;
    };

     

    the connection is sometimes successful, however, it times out in most cases. 

    When I try to refresh the token, I get "Conversation not found" error 

  • adilei Profile Picture
    adilei on at
    Re: Web Channel Security Not Working in Copilot Studio

    Where is this pattern taken from? i.e. a pattern where the token is being passed as a URL parameter?

     

    The sample here should work: Customize the Web Chat canvas - Microsoft Copilot Studio | Microsoft Learn, 

     

    Specifically, this section:

     const directLine = WebChat.createDirectLine({ domain: new URL('v3/directline', directLineURL), token });
    
     // Sends "startConversation" event when the connection is established.
    
     const subscription = directLine.connectionStatus$.subscribe({
     next(value) {
     if (value === 2) {
     directLine
     .postActivity({
     localTimezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
     locale,
     name: 'startConversation',
     type: 'event'
     })
     .subscribe();
    
     // Only send the event once, unsubscribe after the event is sent.
     subscription.unsubscribe();
     }
     }
     });
    
     WebChat.renderWebChat({ directLine, locale, styleOptions }, document.getElementById('webchat'));

     

     

     

     

Helpful resources

Quick Links

Exciting News for Copilot Studio Communi…

Get ready to experience a whole new level of engagement with the Copilot Studio…

Celebrating the May Super User of the…

LaurensM is an exceptional contributor to the Power Platform Community…

Check out the Copilot Studio Cookbook…

We are excited to announce our new Copilot Cookbook Gallery in the Community…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 137,998

#2
RandyHayes Profile Picture

RandyHayes 76,308

#3
Pstork1 Profile Picture

Pstork1 63,059

Leaderboard

Featured topics