Using restricted help center content with Web Widget (Classic)

Return to top

14 Comments

  • Robert Dahlborg

    Hi. Trying to understand how to use jwt tokens with the web widget. Do I need one jwt for each integration(support,guide,chat) signed with 3 different keys? 

    Robert

    0
  • Miranda Burford
    Zendesk Product Manager

    Hi @...,

    >Hi. Trying to understand how to use jwt tokens with the web widget. Do I need one jwt for each >integration(support,guide,chat) signed with 3 different keys? 

    Yes, that's correct.  You'll need one JWT for each integration with 3 different keys.  We're hoping to simplify this in the future.

    - Miranda.

    0
  • Robert Dahlborg

    Hi Miranda, 

    Thank you for the answer. May I suggest that you implement support for JWT signing using the HS256 algorithm which is an asymmetric algorithm? This would be super easy for you to implement and the same token can be used across all your api's. It would also eliminate the need to create a purpose built service for zendesk tokens, i.e. one could use an external identity provider without having to exchange jwt tokens. 

    Regards

    Robert

    0
  • Arno (EMEA Partner)

    User segments are not discussed in this article, and does someone know or even has experience about this: if customer user is authenticated with SSO, does widget then automatically limit/allow the KB content according to the user segments of the user in question? 

    0
  • Anna Roussanova

    Hi Sovellin, yes, if the user is authenticated into the widget as described in this article, they will see the articles appropriate to their user segment.

    0
  • Miranda Burford
    Zendesk Product Manager

    Hi @...,

    Thanks for your feedback on this.  Much appreciated!  I've passed this suggestion onto the team to consider in the future.

    - Miranda. 

    0
  • Kornelia Szabo

    Hi Tech Support, 

    I would be also very interested in this: https://support.zendesk.com/hc/en-us/articles/222874768/comments/360000717727

    Namely how to do the setup for the allow list so local development is also possible? 

    1
  • Noe Landaverde

    Hi, 

    I've been trying to make this work to no avail. My subdomain and even localhost are already whitelisted, made my subdomain run locally by adding it to my machine's hosts file but still the content is not loading. This is also true when running my app on localhost. Do I really have to deploy this code to be able to test it?

    1
  • Miranda Burford
    Zendesk Product Manager

    HI @...,

    In order to test this in your development environment, you should be able to specify localhost or 127.0.0.1 as a valid domain in the allow list.  Please give that a try (should also work with Help Center articles) and let us know how you go.

    Thanks,

    - Miranda.

     

    0
  • Gabriele Biella

    Hi,

    I created the jwt token as described but I get this error:

    {
    "success": false,
    "error": "failed to validate claims"
    }

    an example of JWT content is:
    {
    "name": "myemail@email.com",
    "email": "myemail@email.com",
    "iat": 1635258312,
    "external_id": "9763877",
    "exp": 1635258612
    }

     

     

    0
  • Miranda Burford
    Zendesk Product Manager

    Hi Gabriele Biella,

    I'll create a ticket so we can collect some more information from you and continue the conversation in there.

    - Miranda.

     

    0
  • Sanju Sathiyamoorthy

    Seen below is my code used to try and implement the authentication for the widget. The console is being logged to so I know the function is being called, the jwt is valid and I am not getting any errors -  but still I am not getting authenticated. The widget is the support widget in which zendesk articles can be searched for. Is this the correct set up?

    Could you provide a working js example of the code showing how the callback function is used? 

    1
  • Tipene Hughes
    Zendesk Developer Advocacy

    Hi Sanju,

    A couple things I’d suggest trying here:

    1. Fetch the JWT within the context of the zESettings object e.g:

    …
    jwtFn: function(callback) {
    // Fetch the JWT here and provide to callback below
    callback('YOUR_JWT_TOKEN');
    }
    …

    2. Double check that the Allowlist contains the domains that contain the Web Widget.

    Let me know how this goes, and feel free to reach out with any questions.

    Tipene

    0
  • Chandra Iyer

    hi 

    I managed to get to the first step of the webchat getting authenticated using 

    1) the function 

     window.zESettings = {
                    webWidget: {
                      authenticate: {
                        chat: {
                          jwtFn: function(callback) {
                            fetch('${BACKEND_JWT__API})
                            .then(response => {
                              if (!response.ok) {
                                throw new Error("HTTP error, status = " + response.status);
                              }
                              return response.json();
                            })
                            .then(resp => {
                        // console.log("$$$$$====>",resp)
                        callback(resp.data.token);
                             })
                            .catch(error => console.log('error', error));
                           }
                         }
                       }
                     }
                   };
     
    2) Using the secret from
    1. Settings > Widget > Widget Security tab.

    The user is authenticated and I can verify this 1) 200 Token Response  from the api --> https://id.zopim.com/authenticated/web/jwt 2)  by seeing that the name and email are not editable in the chat box and 3) seeing messages come through the Live Chat. 

     

    My problems:

    a) Help Center  Setting does not require user sign in but user needs to be authenticated to view Restricted content. 

    b) The Zendesk token from my above does not still give access to the Restricted help center content. 

    Is there another step?

    1) Do we need to call the code block on this page separately using the secret from https://{mydomian}.zendesk.com/admin/channels/classic/widget/ Security settings ? 

    1a) Do we need to separately also call the Help Center reauthenticate function separately as referenced here --> https://developer.zendesk.com/api-reference/widget/settings/#authenticate

    2) If we use this Help center content code block what happens to my existing code block for chat authentication ?  Can both of them co exist?

    Sorry. I am finding the multitude of secrets and code blocks difficult to navigate.  

    Any help would be appreciated !

     

    Regards

     

     

    0

Please sign in to leave a comment.

Powered by Zendesk