Refresh Speech Services authorization token to use speech more than 10min.

[Shariele]

Hello!

I am wondering if a refresh of the speech authorization token is implemented? As it is now, when using a token it expires after 10 minutes as described in this documentation:
https://docs.microsoft.com/en-us/azure/cognitive-services/speech-service/rest-speech-to-text
Also in this documentation it's mentioned to show how to get, how to use and how to refresh a token. ("In the next few sections you'll learn how to get a token, use a token, and refresh a token.") But the refresh section isn't there so I'm at a loss of how to refresh my token without having to rerender my webchat (like hitting f5).
I know that it's possible to use the subscription key instead and I have tried and it works. But isn't that a major security risk?

Kind regards,
Shariele

[compulim]

@corinagum will follow up.

The sample is at https://github.com/Microsoft/BotFramework-WebChat/blob/master/samples/06.c.cognitive-services-speech-services-js/index.html. It support both subscription key or authorization token for Cognitive Services.

In this sample, the token is generated once from our API server.

We should update this sample to cache/generate it from our Mockbot. The documentation for that work is at https://github.com/compulim/web-speech-cognitive-services#using-authorization-token. Instead of putting a string there, put a Promise<string> will be sufficient.

[Shariele]

EDIT:
I located my error, a small mistake on my part. I removed the parentheses on my promise refreshToken for my ponyfill parameters and everything works fine. It now uses a new token after the refresh. Thank you for the help!
I think that the documentation to refresh a token be put up as a sample or in some way become more clear where to find it.

Hello again!

I've taken a look on the example of how to generate/cache the token. Sadly I can't get it to work and hope you might be able to put me in the right direction.

As described in the example I provide a Promise instead of just a string to the ponyfill.
This is my code:

const speechServicesPonyfillFactory = await window.WebChat.createCognitiveServicesSpeechServicesPonyfillFactory({ authorizationToken: refreshToken(), region });

The function refreshToken() grabs the authorizationToken stored in localStorage change like this:

const refreshToken = function(){
    return new Promise(resolve => {
      console.log("In promise refreshToken");
      resolve(localStorage.getItem("speechAuthorizationToken"));
    });
  }

This cached token is updated by another function by a set interval. When viewing the cached token it is visibly changed when a new token is fetched. But the token used when using the speech service doesn't change during my tests. And after 15min the token has expired which returns an error message telling me the socket is closed since I have no valid credentials.

[compulim]

I think we need to make our sample better by default, so people don't fall into this hole.

You are right, the Cognitive Services package support Promise for authorization token. We should update our sample so it will call/cache the authorization token.

[compulim]

We could use some code similar to this. It will only refresh the token after 10 minutes and cache it through memoization.

const fetchAuthorizationToken = memoize(
  () => {
    return fetch('https://webchat-mockbot.azurewebsites.net/bingspeech/token', { method: 'POST' })
      .then(res => res.json())
      .then(({ token }) => token);
  },
  (x, y) => Math.abs(x - y) < 60000
);

[compulim]

Fixed in #2429.