I’m implementing an interactive dialog.
I wonder if there is any way that my integration backend can authenticate the submitted request from that dialog. I understood that for interactive messages, I can use the context part of the JSON payload to pass along a secret that my backend can validate. Is there anything similar that I can use with interactive dialogs?
@alex_enyway, I’d suggest using the trigger_id for this purpose. It’s effectively a shared secret between the server and your integration that should remain protected if your integration accepts connections over TLS.
@jesse, thanks! Just to make sure I get this right. Is this how it would work?
trigger_id
trigger_id for later verificationPOSTs dialog with trigger_id added to the state so that it’s passed back on submittrigger_idmight have expired by now, that’s why I think I’d have to store it)trigger_idfrom dialog’s stateagainst the stored oneIs this what you suggest? Or can I somehow validate the trigger_idagainst the Mattermost server without adding the overhead of storing it myself?