I have seen the tutorial for starting the cloud functions and creating a guestbook on IBM Cloud, but when trying to connect an App ID it actually requires an application and not a Cloud Functions API.
So how can I connect them? Is there some tutorial somewhere? What needs to be considered?
depending on what you want to do, take a look in https://console.bluemix.net/docs/services/appid/relatedlinks.html#secure.
Specifically one of
Securing your Cloud Functions API
Securing your serverless Cloud Functions mobile backend with App ID
Tutorial: GitHub traffic analytics with Cloud Functions and Cloud Foundry
Cloud Functions supports OAuth 2.0 user authorization out of the box and you can bound your App ID instance directly to it.
Here's a fairly recent tutorial showing the steps:
https://www.ibm.com/cloud/blog/authenticating-users-with-cloud-functions-api-gateway-and-app-id
If you're looking to automatically initiate a new authentication flow as in redirect to the an identity provider where you're user will sign in, you'll have to either add logic to your application using an OIDC SDK (For instance App ID's: https://github.com/ibm-cloud-security/appid-serversdk-nodejs/) or add it manually handle the flow from a set of actions.
If you go the action approach, you'll have to keep in mind that they are ephemeral and can't keep session state, so you'll have to keep secure cookies in the user's browser.
Related
I have been wondering if it is possible to integrate Google Cloud Services such as Cloud Text-to-Speech in Flutter. The lack of documentation makes me wonder if there's some workaround or something because I can't find a way to integrate.
As you can see in the documentation, there are only samples for different languages, no presence for Flutter:
https://cloud.google.com/text-to-speech/docs/samples/tts-synthesize-text
enter image description here
Any suggestions? Will appreciate it.
GCP TtS is available also by REST API calls, as any other GCP service. So you can write Dartcode to perform an HTTP POST request to send text or audio.
BTW you have to consider how to authenticate to TtS, and there are different options, some of them:
your users need to be authenticated in your GCP organization by your mobile app, and they also need to have the permissions to invoke that service. Then your app can invoke TtS using HTTP POST and impersonating the user.
your mobile app authenticate the users without a GCP or Firebase identity. In that case you need a backend layer (might be a REST service or a simple Cloud function) acting as a proxy between your mobile app and TtS. Your app calls your backend, the backend authenticates to TtS using a service account (GPC identity), then the backend invokes TtS and sends back the result to your mobile app.
We are using google cloud platform to host our stripe payment gateway. The cloud function sends the payment intent to stripe and a callback that stripe calls with a session object.
Inside the google cloud platform, we are not sure what permission to set our cloud function. Right now, we allow all public access and we are fearing that a hacker can see our secret key from our index.js (where the cloud functions live), or has the ability to manipulated the code inside of the index.js.
With the function's purpose described above, what is the safest permission setting that does not allow any public users to read or manipulate our functions? All we want is to allow the users to invoke the function,
thank you
I've implemented Stripe for an app using a combination of the Golang SDK and JavaScript SDKs that I'm deploying as an app to Cloud Run. So my config is slightly different to yours.
You should be able to:
Provide some protection by keeping Stripe's API keys as environment variables so that the JavsScript only accesses these in-memory. You may want to consider using Secret Manager.
Differentiate between authenticated handlers that trigger the flow and restricted handlers that accept the callback from Stripe.
You can authenticate using Cloud IAP (Google auth requiring users be part of the project) or e.g. Cloud Endpoints and Firebase auth
You can restrict access to the callback to Stripe's endpoints
I'm not a security guy.
Your learnings would make an interesting customer story for Stripe and GCP.
check how these guys implement their stripe functions, they have a bunch of them https://functions.store
I am making a chat bot that requires the use of 3 external APIs to be used as responses. When wanting to call an external API from within Watson Assistant, webhooks would be required to connect to one API either locally or on the cloud (IBM functions). How would I connect more than one API to the assistant if possible ?
Unfortunately no, not at this time. The design was meant to have a middleware app that orchestrated the apis, formats the data, etc just like the video in the docs.
We have integrated IBM Watson Assistant skill/workspace with a Facebook page using the Watson features. We did this using an integrated approach from Virtual Assistants tab.
We are able to get the response in Facebook Messenger from Watson skill/workspace FAQS. Now we want to add a few more questions to skill/workspace and get the response from a database.
We know that we can use IBM Cloud Functions to get DB data and respond back with the data, but Cloud Functions action types (web_action and cloud_function or server) incur a cost, hence we are looking for another approach.
We have our own APIs developed for the DB and want use those in Watson Assistant dialogue node actions. Please let us know how we can add it in actions and get a response from the API without using client application/cloud functions.
Note: we haven't developed any application for this chatbot, we directly integrated Watson skill/workspace with the Facebook page and trying to call API calls wherever we require them from the dialogue nodes.
As you can see, IBM Watson Assistant allows to invoke three different types of actions from a dialog node.
client,
server (cloud_function),
web_action.
Because for cloud_function and web_action the action is hosted as Cloud Function on IBM Cloud, the computing resources are charged. For type client, your app would handle the API call and the charges depend on where your app is hosted. Thus, there are always costs.
What you could do is to write a wrapper function that is deployed as web_action or cloud_function. Thus, there isn't much of computing resource needed and the charges would be minimal. But again, independent of the action type, there are always costs (maybe not charges) - one way or another...
I was just fiddling around different machine learning platforms and was planing to use Google predictive API for creating predictive chat bot.
The issue that I am facing now is each request to the API requires OAuth authentication. The fact that I will not be able to authenticate requests for processing the text entered by a client is the real concern. How will I probably respond to a text entered in the chat by a guest user in real time? Is it possible or is Google predictive API not made for this use case?
I am following Prediction API Quick Start Guide by Google and using POST MAN for making API calls.
If possible, please guide me using references or code snippet.
You can create service accounts in place of OAuth authentication tokens. You can create these through the Google Cloud Console. It will then give you the ability to create a server to server (Google) auth that you can use to interact with the API.