Azure-Samples / cognitive-services-speech-sdk

Sample code for the Microsoft Cognitive Services Speech SDK
MIT License

[Question] Best Practices for SDK Authorization in iOS Client #2154

Closed gongzhang closed 11 months ago

gongzhang commented 11 months ago

👋 Hello!

I would like to know what is the best way to perform Speech SDK authorization in iOS clients. I noticed that the sample projects set the Subscription Key and Region in code, but hard-coding this information into the client seems to be very insecure.

So, what should I do in the actual iOS app? Should I proxy or forward the Azure API endpoints in my own backend service and implement user verification myself? Does the current SDK support this?

yangcongsd commented 11 months ago

I have the same problem. Is there any good solution?

jhakulin commented 11 months ago

@gongzhang @shandayangcong Please see this document: https://learn.microsoft.com/en-us/azure/ai-services/speech-service/how-to-configure-azure-ad-auth?tabs=portal&pivots=programming-language-csharp and let us know if that helps you further.

gongzhang commented 11 months ago

@jhakulin Thank you for providing the information! From my understanding, I should get the access token through the Microsoft Entra service on my own server, and then return the access token to my client for use, right?

jhakulin commented 11 months ago

@gongzhang I believe that is one approach you can take. Alternatively, you can also use a Cognitive Services access token; see the example here: https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/csharp/sharedcontent/console/speech_recognition_with_token_sample.cs

Overall, the best practice is to build your application in as secure a way as possible, where you hand out the keys as little as possible and have the lifetime of tokens configured as a backup if something goes wrong.
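The pattern discussed in this thread (the backend keeps the subscription key and hands the app only a short-lived token), as an added example that is not part of the thread or of the SDK samples. `SpeechTokenBroker`, `is_authorized` and the injectable `fetch`/`clock` parameters are hypothetical names; the request is the Speech service's regional `issueToken` REST call, whose tokens are valid for 10 minutes.

```python
import time
import urllib.request

TOKEN_TTL_SECONDS = 600      # Speech service access tokens are valid for 10 minutes
REFRESH_MARGIN_SECONDS = 60  # refresh early so clients never receive a nearly expired token


def fetch_token_from_azure(region, subscription_key):
    """Exchange the key for a token; the key appears only in this server-side request."""
    url = f"https://{region}.api.cognitive.microsoft.com/sts/v1.0/issueToken"
    req = urllib.request.Request(
        url, data=b"", method="POST",
        headers={"Ocp-Apim-Subscription-Key": subscription_key},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


class SpeechTokenBroker:
    """Hypothetical backend component: holds the key, returns only short-lived tokens."""

    def __init__(self, region, subscription_key, is_authorized,
                 fetch=fetch_token_from_azure, clock=time.monotonic):
        self._region = region
        self._key = subscription_key         # load from a secret store, never ship in the app
        self._is_authorized = is_authorized  # the app's own session/user check (assumption)
        self._fetch = fetch
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def token_for(self, session_id):
        """Return the payload an authenticated client needs; the key is never included."""
        if not self._is_authorized(session_id):
            raise PermissionError("session is not allowed to use the speech service")
        now = self._clock()
        # Reuse the cached token until it is close to expiry, then fetch a new one.
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN_SECONDS:
            self._token = self._fetch(self._region, self._key)
            self._expires_at = now + TOKEN_TTL_SECONDS
        return {
            "token": self._token,
            "region": self._region,
            "expires_in": int(self._expires_at - now),
        }
```

The client passes the returned token and region to the SDK's authorization-token configuration, as the linked C# token sample does, and requests a fresh token before `expires_in` runs out.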

jhakulin commented 11 months ago

Closing the issue; let us know if there is anything more we can help with.

gongzhang commented 11 months ago

> @gongzhang I believe that is one approach you can take. Alternatively, you can also use a Cognitive Services access token; see the example here: https://github.com/Azure-Samples/cognitive-services-speech-sdk/blob/master/samples/csharp/sharedcontent/console/speech_recognition_with_token_sample.cs
>
> Overall, the best practice is to build your application in as secure a way as possible, where you hand out the keys as little as possible and have the lifetime of tokens configured as a backup if something goes wrong.

Thanks, @jhakulin! That is very helpful. 😄