Enabling authenticated visitors in the Chat widget

Have more questions? Submit a request

14 Comments

  • Patrick Silverwise

    If implemented, how does that affect a chat visitor?  Are they required to authenicate or is it just an option?

    0
  • Ramin Shokrizadeh

    If you start authenticating visitors, the chat visitor will not need to do anything on their end. Their name and email will be set from your backend server. 

    0
  • Nick Bockmeulen

    Is it possible to implement this in Guide (Help center)?

    0
  • Ramin Shokrizadeh

    Hi Nick,

    It is possible but requires work and is not out of the box. You would need to create a public endpoint on a URL you own and whitelist the help center URL to get the JWT token. The other option would be to host the help center content yourself and rely on the Guide APIs.

    -Ramin

    0
  • Casey Bowen

    Can you post an example of a properly encoded JWT and the secret used for the signature (feel free to make it the number 1 repeating)? I am fairly certain what I have set up is posting the correct format but the server's response. Also are the IAT and EXP claims expecting UTC or some other timezone that we are supposed to guess at? jwt.io event verified the signature, so I'm not sure where it is failing.

    0
  • Benjamin Lee

    Hi Casey,

    The IAT & EXP should be a unix timestamp which does not carry a timezone (The number of seconds since January 1, 1970 00:00 UTC)

    Using your suggestion of '1111111111111111111111111111111111111111111111111111111111111111' as the secret, I have generated the following JWT:

    eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9.eyJuYW1lIjoiU3VuZ2d1bCIsImVtYWlsIjoic3VuZ2d1bEB6ZW5kZXNrLmNvbSIsImlhdCI6MTUzNjI5MDcyMywiZXh0ZXJuYWxfaWQiOiJzdW5nZ3VsIiwicGhvbmUiOiIxMjM0NTY3ODkifQ.73Fd-WO-cJoXGu3DJrY16lArDVBudxGSMW6JqpfprCE

    Which should decode as:

    {
    "name": "Sunggul",
    "email": "sunggul@zendesk.com",
    "iat": 1536290723,
    "external_id": "sunggul",
    "phone": "123456789"
    }

     

    Some possible reasons I can think of for your unsuccessful JWT authentications are:

    1) Your server time might not be in sync, you could look at several public ntp providers to keep your clock in sync. (time.google.com is an option)

    2) You are specifying iat/exp in a unit other than the second

     

    Warmest regards,
    Benjamin

     

    1
  • Casey Bowen

    Hmm... my payload looks like this:

    {
      "name": "First Last",
      "email": "my@email.com",
      "iat": 1536270946,
      "external_id": "S3s2bJgyWP9BekE4Q3lNdGp5bzJLQT09",
      "exp": 1536271306
    }

    Could it be that you are posting a phone number and only the first name and no exp?

    Is the external id something that should exist somewhere in zendesk already?

    0
  • Benjamin Lee

    Hi Casey,

    To better address your query and maintain privacy on our communication I created a support ticket for you on Monday but have not heard back.

    Please feel free to reply via email to the support ticket if you are still facing problems implementing authenticated visitors, so that I may be better able to assist you. 

    Warmest regards,
    Benjamin

    0
  • Hayya Husna

    Where should I put this code? I can't get it works. Please help.

    $zopim(function() {
     $zopim.livechat.authenticate({
       jwtFn: function(callback) {
         fetch('JWT_TOKEN_ENDPOINT').then(function(res) {
           res.text().then(function(jwt) {
             callback(jwt);
           });
         });
       }
     });
    });
    0
  • Ramin Shokrizadeh

    Hi there Hayya,

    It should be added below the widget embed script on your website. If you need help with the process, please email chat@zendesk.com

    -Ramin

     

    0
  • Hayya Husna

    Hi Ramin,

     

    I did it, but is says $zopim is undefined, and when I did it after $zopim is loaded it says "Zendesk Chat: visitor authentication must be initiated immediately after embedding script"

    0
  • Ramin Shokrizadeh

    Hi Hayya,

    This is because you are using the Web Widget and not the Chat standalone widget.

    Here are the instructions for the Web Widget: https://chat.zendesk.com/hc/en-us/articles/360001301627-Enabling-authenticated-visitors-in-the-Web-Widget

    You will need to be in the EAP for the integrated chat experience first before you can use the APIs listed in that article.

    -Ramin

     

    0
  • Zornitsa Georgieva

    I'm interested would that help if I want to prevent spam attacks? Currently, we suffer a lot of those as they target the chat widget on the Guide page. If we implement this, would that mean all chat visitors will be authenticated first (which will exclude the spammers)?

    0
  • Ramin Shokrizadeh

    Hi Zornitsa,

    Sorry to hear that you are experiencing high levels of spam on your help center.

    Authenticating visitors would not reduce these spam messages but we have some things we can do to try and reduce the spam internally.

    Please send the IP addresses of the spam messages and also the content of the message (if it is the same) to chat@zendesk.com

    From there, our developers will investigate it further and see if there are things we can do to reduce the spam messages for you.

    If they are coming from a country you are not supporting, you can also look at using the Country Blacklist setting in the Widget Security Settings section of the Chat dashboard. 

    -Ramin

    0

Please sign in to leave a comment.

Powered by Zendesk