This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Dialogflow CX Data Store Agent - 403 Forbidden on Cited Document

Posted on 03-16-2024 07:36 AM
thesammiller
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Thank you to everyone for all the helpful advice here. I have been able to get a Dialogflow CX Data Store Agent working. However, when users click the cited document, they get a 403 Forbidden. The documents are in Cloud Storage buckets and are not publicly available. 

The users have access to Cloud Storage in IAM, and I even added a custom Cloud Storage read scope to the OAuth. It seems like one answer might be using webhooks to create signed URLs? Are there any other ways to make private documents available to users in Dialogflow CX? 

0 6 498
Topic Labels
0 Likes
6 REPLIES 6

Posted on --/--/---- --:-- AM
xavidop
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi @thesammiller , unfortunately not, you will need to create a different public bucket and link it to a new data store. The information in that bucket could be easily accessible and it going to be more safe since you will know which information is public or not.

Another thing that you can try is to have a webhook that transforms those gs bucket links to something else publicly available.

Best,

Xavi

0 Likes

Posted on --/--/---- --:-- AM
piyush_garg
Bronze 2
Bronze 2
In response to xavidop
Reply posted on --/--/---- --:-- AM

@thesammiller signedURL is one of the good option as their you can define the time at how much time it should be public 

Regards

Piyush Garg

0 Likes

Posted on --/--/---- --:-- AM
kevin_PE
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

I am running into the same issue. Since you only get the uri, snippet and title, how can you make a signedURL? You don't get the document id, document name or bucket info, any of which would actually make it much easier than trying to strip that info out from the uri. I thought that there would be some way to get the data from the $request.knowledge object, but that doesn't seem to be the case.

0 Likes

Posted on --/--/---- --:-- AM
lijokjohn
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi @thesammiller ,

Did you find a solution for opening the cited documents? COuld you share some insights?

Thanks

John

0 Likes

Posted on --/--/---- --:-- AM
kevin_PE
Bronze 2
Bronze 2
In response to lijokjohn
Reply posted on --/--/---- --:-- AM

It basically was what I had mentioned, manually splitting the stringValue and creating the bucket/file from that:

    // Create presigned URL
    const url = responseData.actionLink.stringValue || "";
    const bucketName = url.split("/")[3];
    const fileName = url.split(bucketName)[1].split("#page=")[0].slice(1);
    const pageNumber = url.split("#page=")[1];

    const signedUrlConfig = {
      version: "v4" as "v4" | "v2" | undefined, // Can also use 'v2' based on desired format
      action: "read" as "read" | "write" | "delete" | "resumable", // Specify action (read, write, or delete)
      expires: Date.now() + 1000 * 60 * 60, // Expires in 1 hour
    };
0 Likes

Posted on --/--/---- --:-- AM
lijokjohn
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@kevin_PE 

Thanks. Your solution works.

However later I came across the below article from GCP.

I could get the ' 403 Forbidden' error go away by just switching off the data audit logs. Works only if you are using a authenticated browser though.

https://cloud.google.com/storage/docs/troubleshooting#trouble-download-storage-cloud

Thanks,

Lijo John

 

Nevertheless I also realized that 

0 Likes