Enabling authenticated visitors in Web Widget (Classic)

Return to top
Have more questions? Submit a request


  • CT

    I have two questions:

    - Where can I locate the external_id of visitors on dashboard?

    - How to set phone for authenticated visitor?

    Thank you!



  • Devan - Community Manager
    Zendesk Community Team

    Hello CT,

    Welcome to the community! This article on Setting and finding user's external IDs should be able to answer your first question. As for your second question would you be able to elaborate on this please?

    Best regards. 

  • CT

    Hi Devan,


    Thank you for your warm welcome.


    For the first question, I also read this article before I posted the comment, user info of each visitor on dashboard only shows:

    • Name
    • Email
    • Phone number
    • Visitor notes
    • Tags
    • Past visits
    • Past chats
    • Visitor path
    • Location
    • Browser
    • Platform
    • Device
    • IP address
    • Hostname
    • User agent

    But there isn’t external_id.


    For the second question, the payload of the current JWT token only accepts:

    • Name
    • Email
    • External_id
    • Iat
    • Exp

    And I would like to set phone number for each authenticated visitor as well, please give some example codes.


    Thanks you!


  • Lila Kingsley

    Is there any relationship between the shared secret & brand?  We created our widget as chat only on one brand, but soon we will be moving to another brand which has our customer help center (so we can offer that in the widget as well).  Just wondering if there will be any impact to the shared secret with this upcoming change.

  • Brett Bowser
    Zendesk Community Team

    Hey Lila,

    The shared secret is set up through the Chat dashboard which does not have multi-branding available. If you're switching the web-widget brand it should not affect your Chat shared secret you've generated.

    Let me know if you have any other questions!

  • Larry Marshall

    While trying to configure Knowledge Center for the widget, I am getting a Bad Request response for the following URL in my browser console,
    HTTP Method: POST
    Response: {"error":"Bad request","message":"Invalid message(s): * Could not be verified"}

    This is my JWT Token Generation Snippet:
    hash = {
    email: 'mail-name@listenfirstmedia.com', name: 'Larry F',
    iat: Time.now.to_i, jti: rand(2 << 64).to_s,
    external_id: 'mail-name@listenfirstmedia.com'
    jwt_token = JWT.encode(hash, $settings[:zendesk_jwt_secret], "HS256")

    I verified that this token works by loging in using https://listenfirst.zendesk.com/access/jwt?jwt=#{jwt_token}

    My zESettings is
    window.zESettings = {
    webWidget: {
    authenticate: {
    jwtFn: function(callback) {
    url: "http://localhost:4040/oauth/token/info",
    success: function success(t) {
    callback(t['zendesk_token']); // the code flow came here!!!
    error: function error(e) {

    Could you please help me fix or troubleshoot this further?

  • Dineshswamy Paranthaman

    I embedded the widget in an Html page and using it as a webview in the app. The app authentication works perfectly but this happens when the user tries to start the chat again after ending




  • Larry Marshall

    @Dineshswamy Paranthaman How would this configuration work if we want to configure only knowledge center but not chat? there is a configuration in this page that details it.. it seems to work similar to the documentation here.. https://developer.zendesk.com/embeddables/docs/widget/settings#help-center.. However it does not work.

  • Vikas Shivananjappa

    Hi Ramin,

                    Thanks for the exlanation on using JWT. We have successfully enabled authentication using JWT. However zendesk chat web widget do not seem to respect the JWT token expiry date. Am i missing something here? 


    The JWT payload will look like below:

    { "email": "vshivananjappa@testme.io", "exp": 1600812308, "external_id": "vshivananjappa@testme.io", "iat": 1600812008, "jti": "ac5sas5d1-12fa-1649-9751-7abc4f7f96ad", "name": "vshivananjappa@testme.io" }


  • Janelle Henney

    I've successfully implemented the chat and chat authentication for my site, but I'd like to be able to re-trigger authentication whenever I want (ie, a user signs out, then signs back in without refreshing the page). 

    I've been all over the docs, and can't find anything useful. What does the note "The jwtFn can be called multiple times throughout a chat session to obtain a new JWT in order to validate the visitor’s identity over the session’s lifetime." mean? How can I call this function from within my code? Is there an example? Thanks!


    Hi, Ramin Shokrizadeh could you provide us with a complete downloadable example of this topic with php.

  • Dave Dyson
    Zendesk Community Team

    Hi David,

    Did you see the download link in the PHP section above? PHP


    hi,Dave Dyson.

    yeah I'm very confused by now, I did all the steps and it still doesn't work. so request the downloadable I think it will help us all.

  • Dave Dyson
    Zendesk Community Team

    DAVID BERUMEN LOZANO Here's the link from above: PHP-JWT


Please sign in to leave a comment.

Powered by Zendesk