Enabling authenticated visitors in the Chat widget

Have more questions? Submit a request

28 Comments

  • Patrick Silverwise
    Comment actions Permalink

    If implemented, how does that affect a chat visitor?  Are they required to authenicate or is it just an option?

    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    If you start authenticating visitors, the chat visitor will not need to do anything on their end. Their name and email will be set from your backend server. 

    0
  • Nick Bockmeulen
    Comment actions Permalink

    Is it possible to implement this in Guide (Help center)?

    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi Nick,

    It is possible but requires work and is not out of the box. You would need to create a public endpoint on a URL you own and whitelist the help center URL to get the JWT token. The other option would be to host the help center content yourself and rely on the Guide APIs.

    -Ramin

    0
  • Casey Bowen
    Comment actions Permalink

    Can you post an example of a properly encoded JWT and the secret used for the signature (feel free to make it the number 1 repeating)? I am fairly certain what I have set up is posting the correct format but the server's response. Also are the IAT and EXP claims expecting UTC or some other timezone that we are supposed to guess at? jwt.io event verified the signature, so I'm not sure where it is failing.

    0
  • Benjamin Lee
    Comment actions Permalink

    Hi Casey,

    The IAT & EXP should be a unix timestamp which does not carry a timezone (The number of seconds since January 1, 1970 00:00 UTC)

    Using your suggestion of '1111111111111111111111111111111111111111111111111111111111111111' as the secret, I have generated the following JWT:

    eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9.eyJuYW1lIjoiU3VuZ2d1bCIsImVtYWlsIjoic3VuZ2d1bEB6ZW5kZXNrLmNvbSIsImlhdCI6MTUzNjI5MDcyMywiZXh0ZXJuYWxfaWQiOiJzdW5nZ3VsIiwicGhvbmUiOiIxMjM0NTY3ODkifQ.73Fd-WO-cJoXGu3DJrY16lArDVBudxGSMW6JqpfprCE

    Which should decode as:

    {
    "name": "Sunggul",
    "email": "sunggul@zendesk.com",
    "iat": 1536290723,
    "external_id": "sunggul",
    "phone": "123456789"
    }

     

    Some possible reasons I can think of for your unsuccessful JWT authentications are:

    1) Your server time might not be in sync, you could look at several public ntp providers to keep your clock in sync. (time.google.com is an option)

    2) You are specifying iat/exp in a unit other than the second

     

    Warmest regards,
    Benjamin

     

    1
  • Casey Bowen
    Comment actions Permalink

    Hmm... my payload looks like this:

    {
      "name": "First Last",
      "email": "my@email.com",
      "iat": 1536270946,
      "external_id": "S3s2bJgyWP9BekE4Q3lNdGp5bzJLQT09",
      "exp": 1536271306
    }

    Could it be that you are posting a phone number and only the first name and no exp?

    Is the external id something that should exist somewhere in zendesk already?

    0
  • Benjamin Lee
    Comment actions Permalink

    Hi Casey,

    To better address your query and maintain privacy on our communication I created a support ticket for you on Monday but have not heard back.

    Please feel free to reply via email to the support ticket if you are still facing problems implementing authenticated visitors, so that I may be better able to assist you. 

    Warmest regards,
    Benjamin

    0
  • Hayya Husna
    Comment actions Permalink

    Where should I put this code? I can't get it works. Please help.

    $zopim(function() {
     $zopim.livechat.authenticate({
       jwtFn: function(callback) {
         fetch('JWT_TOKEN_ENDPOINT').then(function(res) {
           res.text().then(function(jwt) {
             callback(jwt);
           });
         });
       }
     });
    });
    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi there Hayya,

    It should be added below the widget embed script on your website. If you need help with the process, please email chat@zendesk.com

    -Ramin

     

    0
  • Hayya Husna
    Comment actions Permalink

    Hi Ramin,

     

    I did it, but is says $zopim is undefined, and when I did it after $zopim is loaded it says "Zendesk Chat: visitor authentication must be initiated immediately after embedding script"

    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi Hayya,

    This is because you are using the Web Widget and not the Chat standalone widget.

    Here are the instructions for the Web Widget: https://chat.zendesk.com/hc/en-us/articles/360001301627-Enabling-authenticated-visitors-in-the-Web-Widget

    You will need to be in the EAP for the integrated chat experience first before you can use the APIs listed in that article.

    -Ramin

     

    0
  • Zornitsa Georgieva
    Comment actions Permalink

    I'm interested would that help if I want to prevent spam attacks? Currently, we suffer a lot of those as they target the chat widget on the Guide page. If we implement this, would that mean all chat visitors will be authenticated first (which will exclude the spammers)?

    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi Zornitsa,

    Sorry to hear that you are experiencing high levels of spam on your help center.

    Authenticating visitors would not reduce these spam messages but we have some things we can do to try and reduce the spam internally.

    Please send the IP addresses of the spam messages and also the content of the message (if it is the same) to chat@zendesk.com

    From there, our developers will investigate it further and see if there are things we can do to reduce the spam messages for you.

    If they are coming from a country you are not supporting, you can also look at using the Country Blacklist setting in the Widget Security Settings section of the Chat dashboard. 

    -Ramin

    0
  • Web ZMT
    Comment actions Permalink

    Hi,

     
    We're trying to add authentication in our zendesk account using your authenticated visitors API, unfortunately we can't make it and receiving error messages like this
     
    "Zendesk Chat Web SDK: Error: init: Failed to verify token: jwt verification error"
     
    We already follow the steps you provided on the documentation, need further information.
     
    We need your assistance the soonest. Thanks!
    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi Web ZMT,

    Can you ensure that the secret you are using is the one from the Chat dashboard and not the Support one? Also ensure you are sending the iat value as an integer. 

    If you are still experiencing problems, please email chat@zendesk.com with your webpage with the code and the team will look into it further.

    Thanks,

    Ramin

    0
  • Ahmad Milzam
    Comment actions Permalink

    Hi Ramin,

    I've an error on my local machine while trying to authenticate loggedin user in zendesk.

    Here is my node js server code:

    const secret = process.env.ZENDESK_WIDGET_SECURITY_KEY;
    const payload = {
    name: user.name,
    email: user.email,
    external_id: user.id,
    iat:Math.round(newDate().getTime() /1000),
    exp:Math.round(newDate().getTime() /1000) +420,
    };

    const token = jwt.sign(payload, secret);
    return res.send(token);

    I get this error in browser's console:

    Zendesk Chat: failed to verify token: jwt verification error


    I don't know what to do because I follow everything in your instruction above.
     
     

    Thank you very much
    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi Ahmad,

    Nothing looks wrong with your code. Is there a page we can look at to see the error ourselves? Alternatively, can you send us a HAR file so we can investigate it further.

    Thanks,
    Ramin

    0
  • Franco Sirena
    Comment actions Permalink

    Hi,

    I was able to have that working already, but, I was hopping to have a way of catching if any error occur during authentication, so I can use the setName and setEmail approach.

    If that is possible it would be awesome, 'cause we don't want to block our users from using the chat if there was an error during authentication process, 'cause most of times that wouldn't be their fault.

    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi Franco,

    Currently, there is no callback function for when an authentication attempt fails. There is an error in the browser console if/when it happens.

    I have shared your feedback with the engineering team and we will let you if/when an enhancement to the widget would add such capability down the road. Currently, there is no plans for this to be addressed in the next 6 months but we will let you know if that changes.

    Thanks,

    Ramin

    0
  • Oliver Jackson
    Comment actions Permalink

    Hi team,

    forgive me if this is a dumb question, but does this mean that we can display the chat widget only to users who have signed into our website? Or is it for forcing users to sign in with their credentials on our website in the pre-chat form?

    Thanks folks! :)

    0
  • fabio.dotti
    Comment actions Permalink

    Hi team

    Is it possible to implement an unauthenticated chat version and an authenticated one at the same time? In other words, does the unauthenticated customer access by entering certain data, while the authenticated customer does not have to enter anything?

    thanks!

    Fabio

    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    @Oliver It is more of the later, setting the visitor information in an authenticated manner. If you need to show/hide the widget, you will need to write custom code and use our JS APIs to do that. If you need help using the APIs, please email support@zendesk.com

    @Fabio it is possible to have authenticated and not authenticated widgets on different domains. One thing to note, a non-authenticated visitor cannot have their details/chats transferred/continue after becoming authenticated.

     

    1
  • fabio.dotti
    Comment actions Permalink

    Hi Ramin

    But I could have authenticated and not authenticated on a single Zendesk instance, so on only one domain. This is not possible? Or, alternatively, is it possible to have only one Zendesk instance with two separate addresses? For example: zendesk1.abcd.it and zendesk2.abcd.it? Or how?

     

    thanks

    Fabio

    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi Fabio,

    You can have authenticated and non-authenticated in the same account, you cannot have it on the same URL (as in a user cannot be authenticated and not authenticated at the same time).

    If you have more questions, please email support@zendesk.com to get further assistance.

    -Ramin

    0
  • Zornitsa Georgieva
    Comment actions Permalink

    Try telling that to Shrödinger's cat :)

    0
  • Saopheng Suon
    Comment actions Permalink

    Hello,

    I have a problem with fetch JWT_TOKEN_ENDPOINT. what is JWT_TOKEN_ENDPOINT format which we can pass in?

    Help me soonest, Thanks

    0
  • Ramin Shokrizadeh
    Comment actions Permalink

    Hi Saopheng,

    Please email support@zendesk.com to get assistance.

    -Ramin

    0

Please sign in to leave a comment.

Powered by Zendesk