From 0266cfe68e69653984c00f9f1f6b24ea805836db Mon Sep 17 00:00:00 2001
From: orsharab <orsharab@microsoft.com>
Date: Sun, 20 Jul 2025 14:10:42 +0300
Subject: [PATCH] Add end user auth handoff

---
 README.md        |  2 +-
 azuredeploy.json | 12 ++++++------
 server.js        |  4 ++--
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index aa54ce9..ed719a7 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ A simple web page that allows users to communicate with the [Azure Health Bot](h
 
 2.Set the following environment variables:
 
-`APP_SECRET`
+`END_USER_AUTH_JWT_SECRET`
 
 `WEBCHAT_SECRET`
 
diff --git a/azuredeploy.json b/azuredeploy.json
index df098e4..1eb5203 100644
--- a/azuredeploy.json
+++ b/azuredeploy.json
@@ -47,10 +47,10 @@
                 "description": "Location for all resources."
             }
         },
-        "appSecret": {
+        "endUserAuthJwtSecret": {
             "type": "securestring",
             "metadata":{
-                "description": "Healthbot application secret."
+                "description": "Healthbot end user authentication JWT secret."
             }
         },
         "webchatSecret": {
@@ -109,8 +109,8 @@
                     "alwaysOn": "[variables('alwaysOn')]",
                     "appSettings": [
                         {
-                        "name": "APP_SECRET",
-                        "value": "[parameters('appSecret')]"
+                        "name": "END_USER_AUTH_JWT_SECRET",
+                        "value": "[parameters('endUserAuthJwtSecret')]"
                         },
                         {
                         "name": "WEBCHAT_SECRET",
@@ -170,8 +170,8 @@
                 "siteConfig": {
                     "appSettings": [
                         {
-                          "name": "APP_SECRET",
-                          "value": "[parameters('appSecret')]"
+                          "name": "END_USER_AUTH_JWT_SECRET",
+                          "value": "[parameters('endUserAuthJwtSecret')]"
                         },
                         {
                           "name": "WEBCHAT_SECRET",
diff --git a/server.js b/server.js
index 060d6ab..93c1759 100644
--- a/server.js
+++ b/server.js
@@ -7,7 +7,7 @@ const fetch = require('node-fetch');
 const cookieParser = require('cookie-parser');
 const WEBCHAT_SECRET = process.env.WEBCHAT_SECRET;
 const DIRECTLINE_ENDPOINT_URI = process.env.DIRECTLINE_ENDPOINT_URI;
-const APP_SECRET = process.env.APP_SECRET;
+const END_USER_AUTH_JWT_SECRET = process.env.END_USER_AUTH_JWT_SECRET
 const directLineTokenEp = `https://${DIRECTLINE_ENDPOINT_URI || "directline.botframework.com"}/v3/directline/tokens/generate`;
 
 // Initialize the web app instance,
@@ -111,7 +111,7 @@ app.post('/chatBot',  async function(req, res) {
             response['isAgent'] = true;
         }
         response['directLineURI'] = DIRECTLINE_ENDPOINT_URI;
-        const jwtToken = jwt.sign(response, APP_SECRET);
+        const jwtToken = jwt.sign(response, END_USER_AUTH_JWT_SECRET);
         res.send(jwtToken);
     }
     catch (err) {