Private AWS Chatbots with AWS Lex and Facebook messenger using OTP — Concept

Soumarshi Biswas
Nggawe Nirman Tech Blog
3 min read · Mar 23, 2020


AWS Chatbot helps monitor and interact with your AWS resources via preferred messenger applications.

If a chatbot needs to access confidential or private information stored in an enterprise repository over a public messenger such as Facebook or Kik, its users must be authenticated and authorized first.

To achieve this, we shall use the mechanism of one-time passwords or OTPs.

When accessing a custom chatbot application, it will ask you for an OTP to proceed. This password is sent to you via text message on the mobile device hosting the registered phone number. Using the OTP they entered, users authenticate themselves within the chatbot and enable it to access their private information.

In this blog post, we’ll demonstrate the basic integration of OTP functionality with a chatbot.

Application architecture

The bot solution leverages the following AWS services:

  • AWS Lex — for the conversational bot mechanism and interface
  • AWS Lambda — to generate an OTP
  • AWS Redshift DB — to store and retrieve the OTPs
  • AWS API Gateway — to access application APIs
  • AWS SNS — to publish SMS and email messages

In this article we demonstrate the integration of the bot with Facebook Messenger and AWS Lex. The screen below shows a sample basic banking application chatbot.

Fig.1 Basic banking chatBot

To achieve the sequence of events above, we build a search bot that fetches information from a public or private API using an AWS Lambda function.

The overall solution is shown below:

Fig.2 Landscape Diagram

To authenticate users of a private API, the Lambda function generates an OTP and stores it in the Redshift DB against the user's session and ID. The Lambda then passes the OTP to AWS SNS (Simple Notification Service), which delivers it to the user's mobile number and email address. Once the user receives the OTP, they use it to authenticate; once authenticated, the chatbot is granted access to invoke the private API.

Once the user logs in, the session remains alive for 5 mins (or the configured time limit). If the session is inactive beyond the configured limit, it is re-initiated with a new OTP.
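The Lambda-side OTP logic described in the two paragraphs above, as an added example that is not the post's code: a plain dict stands in for the Redshift table and a `send` callback stands in for `sns.publish`, both assumptions. It goes a little beyond the post by adding the controls a practitioner would want around such a code: only a hash is stored, the code is single-use, expires, and is locked after a few wrong attempts, and the 5-minute inactivity window is enforced as a sliding window.

```python
import hashlib
import secrets
import time

OTP_TTL_SECONDS = 300      # an unused code dies after 5 minutes
SESSION_TTL_SECONDS = 300  # the 5-minute inactivity limit from the post
MAX_ATTEMPTS = 3           # a 6-digit code must not be guessable by retrying

# Constructed in-memory stand-in for the Redshift OTP table (assumption), keyed by chat session id.
otp_table = {}

def hash_otp(session_id, otp):
    # Only a salted hash is stored, so a dump of the table yields no usable codes.
    return hashlib.sha256(f"{session_id}:{otp}".encode()).hexdigest()

def issue_otp(session_id, user_id, phone, send, now=None):
    # Generate a 6-digit OTP, record its hash, pass it to `send` (stand-in for sns.publish).
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, never random.randint
    otp_table[session_id] = {"user_id": user_id, "otp_hash": hash_otp(session_id, otp),
                             "expires": now + OTP_TTL_SECONDS, "attempts": 0,
                             "verified": False, "last_seen": now}
    send(phone, f"Your chatbot login code is {otp}")  # the code leaves only via SMS/email

def verify_otp(session_id, otp, now=None):
    """True exactly once for the correct, unexpired code within MAX_ATTEMPTS."""
    now = time.time() if now is None else now
    rec = otp_table.get(session_id)
    if rec is None or rec["verified"]:
        return False
    if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        otp_table.pop(session_id, None)  # expired or exhausted: bot must issue a new OTP
        return False
    rec["attempts"] += 1
    if secrets.compare_digest(rec["otp_hash"], hash_otp(session_id, otp)):
        rec["verified"], rec["last_seen"] = True, now
        return True
    return False

def session_active(session_id, now=None):
    # Gate for the private API: True while the verified session was active within the limit.
    now = time.time() if now is None else now
    rec = otp_table.get(session_id)
    if rec is None or not rec["verified"]:
        return False
    if now - rec["last_seen"] > SESSION_TTL_SECONDS:
        otp_table.pop(session_id, None)  # idle too long: a new OTP is required
        return False
    rec["last_seen"] = now  # activity slides the inactivity window
    return True
```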

Please find the technical references here:

https://aws.amazon.com/blogs/machine-learning/authenticate-users-with-one-time-passwords-in-amazon-lex-chatbots/

https://docs.aws.amazon.com/lex/latest/dg/fb-bot-association.html — AWS Lex and Facebook Integration

https://aws.amazon.com/lex/features/?nc=sn&loc=2 — AWS Lex Features

https://online.visual-paradigm.com/drive/#diagramlist:proj=0&new=AWSDiagram — Diagrams developed
