Authenticating end users in messaging for the Web Widget and mobile SDK

Return to top

153 Comments

  • Paul

    Hi,

    Hi, as per this article when do you think realistically the email address will be included in the newly created contact. This is important for us before we go live with chat on our site and we have been told on numerous occasions that this is coming soon but over a year later this is still a problem.

    When a user of our site is logged into our site and engages with ZD messaging, we log them into the Zendesk chat using a JWT token that contains name, email and external Id.
    Whilst the name and external id are set, the email address is not and it is vital to our operations to ensure this is automatically set rather than our agents having to manually set it which is both error prone and time consuming.

    Please can you give an update on this work with a realistic timeframe for it being implemented?
    Thanks

    1
  • Tim M

    It is now Q2, is there any update on this improvement for the ability to pass the email address? The metadata is now available in flow builder, how come it cannot pass into agent workspace?

    2
  • Simon Gellis

    Our organization found another workaround for passing in the email address: before authenticating to messaging, we generate the token used for SSO authentication, and have the browser make a call to the Zendesk JWT SSO endpoint https://support.zendesk.com/hc/en-us/articles/4408845838874-Enabling-JWT-single-sign-on#topic_w5x_1fh_3fb (in no-cors mode, ignoring the response). We also set the same externalId for each user on both SSO JWTs and messaging JWTs.

    The end result is that anyone signing into messaging has their account linked to the one used by SSO, and the email shows up as you'd expect.

    2
  • Thomas (internalnote.com)
    Community Moderator
    Zendesk Luminary

    Is there an ETA on a fix cause this does not work as expected:

    Scenario's:

    1. A new user uses Messaging for the first time and is logged in via JWT >> a new user is created without an associated email address
    2. An existing user logs into Messaging and starts a conversation. Even though the email address matches a new user is created in Zendesk
    3. An existing user uses messaging and is not logged in. They enter an email address in Ask for Details. This conversation is added to the existing user in Zendesk that has a matching email address.
    4. That same existing user that has now both messaging and email address linked, now logs into Messaging and starts chatting. This creates a new user without an email, unlinked from the existing user

    ONLY when you merge the logged in Messaging user and the existing email user profiles you can achieve a mapping to the same user. But since Zendesk does not show the email address of the logged in Messaging anywhere in the interface, there is no way for an agent to know who to merge too.

    EXCEPT if you have SunCo, you can then do some API lookups and retrieve the required values to be able to merge the users.

    I recorded a video below that explains it better:

    https://youtu.be/5HwXmZPz2pU

    And wrote an in depth technical write up about it here:

    https://internalnote.com/deepdive-into-messaging-profiles/

    1
  • Shayan Moussawi

    Thomas (internalnote.com) You need to use external ID to match users with one another.

    When a user is created in your system, you need to create it in Zendesk with the given external ID from your system. Meaning, you need to use the Create or Update API endpoint, to create a user in Zendesk every time a User is created in your system.

    When a user signs into messaging and is authenticated using JWT, you need to pass external ID as a parameter.
    This will automatically merge the User that just signed in, with the user that is already created in your system, linking the Messaging Ticket immediately.

    To circumvent Zendesks implementation of the JWT authentication, I'd also recommend always having a User Create or Update Call before passing the JWT auth.

    This will guarantee that even if a new user is logged in through Messging, the user is first created with his Email and external ID, and then can be merged into for future Messaging conversations.

    0
  • Thomas (internalnote.com)
    Community Moderator
    Zendesk Luminary

    Hey,

    That was supposed to work, but in my testing (video in Loom) that does not work as expected.

    1
  • Shayan Moussawi

    Thomas (internalnote.com) Wow.

    I just watched your video and I am stunned by how this feature is still not properly implemented yet. I am glad I postponed our implementation after taking an initial look at it. 

    My impression was, and even from reading the support article, this is the behavior I would expect, is that once a user authenticated through messaging, a user is with an external_id is created in Zendesk, and merged into potentially an existing user (if that existing user shares the external_id).

    The current state of the implementation seems like a bit of a mess, since the "external id" that is shown... is not actually an external ID as you would expect in Zendesk. It's just the SunCo external ID surfaced next to the user... 


    0
  • 이지훈(Lee jihoon)

    I would like to make an enhancement request for the flow below.

    • End user A has an open Ticket 1 as an authenticated user.
    • End user A logs out.
    • End user A sends a message without signing in. User 2 and Ticket 2 are created.
    • End user A signs in again mid-conversation. Authenticated User A is retrieved via the external id and the anonymous and authenticated conversations are merged.
    • Conversation continues in Ticket 1 and Ticket 2 is closed.

    From my experience, even if Ticket 2 is closed, it simply adds a "closed_by_merge" tag, and the agent doesn't know if it was merged by the ticket, but the user doesn't know.

    As a handy example, when an agent merges a ticket, a comment like the one below is left on the ticket.

    Request #330434 "merge test1" was closed and merged into this request. Last comment from request #330434:

    This request has been closed and merged into request #330435 "merge test2".

    I think the comments above are also necessary when merging messaging tickets.

    0
  • 이지훈(Lee jihoon)

    There is one more user here in South Korea waiting for the "email address mapping feature".

    1
  • Anastasiia Kalugina

    Hi everyone and Zendesk product team,

    I have found that the messaging widget and classic web widget (Enabling authenticated visitors in Web Widget (Classic) – Zendesk help) has similar features related to jwt auth.

    Expiration time of token must be within 7 minutes and you should rotate it before its expiration time while chatting.

    Why didn't you mention this in the documentation for the messaging widget?

    1
  • Anastasiia Kalugina

    And I am also waiting for the "email address mapping feature".

    1
  • Thomas (internalnote.com)
    Community Moderator
    Zendesk Luminary

    Quick update from my side:

    Apparently my Zendesk account was tagged with an internal flag that prevented External ID matching. This flag has now been removed by Zendesk Support and the issue was resolved.

    The only remaining feature gap is now the lack of email matching for scenarios where users do not have an external ID set.

    1
  • Anastasiia Kalugina

    Thomas (internalnote.com) Thank you for your article on `internalnote.com`. Very hot topic.

    2
  • Thomas (internalnote.com)
    Community Moderator
    Zendesk Luminary

    Apparently we all have access to Sunshine Conversation keys inside of the Admin Panel now?

    If so you can use this flow to do a lookup of users and merge profiles:

    https://internalnote.com/deepdive-into-messaging-profiles/


    GitHub - verschoren/messaging_user_merger

    1
  • daniel carvalho

    Hi, I would like to prefill the message for the user. Is that possible?

    0
  • Flora Chen

    Hi, Prakruti Hindia Mick O'Donnell

    Is there any update on this improvement in the ability to pass the email address for newly created users? We recently changed to messaging channel, this issue affects us heavily. Because we can't send follow-up messages without the user's email in the ticket. That does not make sense. Please solve this issue sooner. 

    0
  • Sun, Shuai

    Hello Prakruti Hindia, Mick O'Donnell

    Our team want to use Zendesk Messaging to instead of Zendesk Chat,

    And we have setting it according to the following guide:

    https://developer.zendesk.com/documentation/zendesk-web-widget-sdks/sdks/web/enabling_auth_visitors/

    https://support.zendesk.com/hc/en-us/articles/4411666638746

     

    Our generated JWT token python script as following:

    token = jwt.encode({'scope': 'user', 'external_id': '#external_id', 'name': '#name','email': '#email' }, '#SECRET', algorithm='HS256',
    headers={'kid': '#kid'})

    We use the JWT token like following:

    <script type="text/javascript">

    var jwtToken = "#JWTtoken"
    window.zESettings= {
    webWidget: {
            authenticate: {
                chat: {
                    jwtFn: function(callback) {  
                        callback(jwtToken);
                    }
                }
       }
    }
    </script>

    As our expected is the end user will not be prompted to provide their name or email address by the messaging bot as part of the default messaging response.

    But currently it is still need to input name and email,

     

    Could you please confirm where exist problem for our implements?
    And How can we solve it?

    0
  • Thomas (internalnote.com)
    Community Moderator
    Zendesk Luminary

    Window.zE settings only works for the classic widget, but does not work for messaging.
    That requires a different API call.

    See this documentation: https://developer.zendesk.com/documentation/zendesk-web-widget-sdks/sdks/web/sdk_api_reference/?ref=internalnote.com#authentication

    I also wrote up a full overview here: https://internalnote.com/jwt-messaging/

    1
  • Sun, Shuai

    Hello Thomas (internalnote.com)

    By your comment, I have tried to use the new API, and it is OK.

    Thank you very much for the help!

    0
  • Thomas (internalnote.com)
    Community Moderator
    Zendesk Luminary

    Glad it worked! You’re welcome :-)

    0
  • Hannah Bowers

    When will the customer's email address be included in their profile during a chat in the Agent Workspace? Tickets via chat do not have an email and results in the conversations NOT being linked to existing customer records, which also causes the chat to not be persistent for a user. The email is not included in the events of the chat either.

    Given that this has been a request for more than a year, and that non-messaging chat could easily capture this, I'm very confused on why Zendesk is not addressing this. Can anyone provide an update and explanation? 

    18
  • Rusty Wilson
    Zendesk Luminary

    If the only place we plan to put the web messaging widget in on our help center, and if we assume the customer has logged in to our help center (which I'm trying to figure out how to make a requirement before the widget is shown), do I need to worry about setting up JWT/Authentication since the site will already know who is logged in?

    0
  • Viktor Osetrov
    Zendesk Customer Care
    Hello Rusty,

    Yes, you should worry about setting up JWT/Authentication on messaging as well. Because unfortunately cross- authentication doesn't work by default between Guide and Web Widget. You should add JWT/Auth for both of them separately or you can build rich end-user experiences directly integrated with third-party systems.

    Thank you
     
    0
  • Anton Maslov
    Zendesk Luminary

    @... Prakruti Hindia can we pass email same way as for Web Widget Classic?

    >    zE('webWidget', 'identify', { name: `${HelpCenter.user.name}`, email: `${HelpCenter.user.email}` });

    0
  • Jeremy B

    When I send name and email in the jwt, when does zendesk update? My user may change their name and I want that to update. Even after calling login again with the new token, it doesn't seem to update.

    0
  • Mick O'Donnell
    Zendesk Product Manager

    Hi everyone. Thank you for posting on this topic. For anybody who may be struggling with an implementation issue around JWT authentication, or you suspect a potential issue with the Zendesk Web Widget / Mobile SDKs, could I request that you open a support ticket via support.zendesk.com (chat launcher in the lower right) and we will investigate each case.

    We will follow up in the comment thread with responses to general questions where possible. Many thanks!

    0
  • Mick O'Donnell
    Zendesk Product Manager

    Hi Anton Maslov, yes this is possible using the Zendesk Web Widget as described here. Here is an example payload:

    {
    "external_id":12345678,
    "email": “janes@soap.com”,

    "exp":1639608035,

    "name": “Jane Soap”,

    "scope": “user”
    }
    0
  • Mick O'Donnell
    Zendesk Product Manager

    Hi Jeremy B, no this doesn't happen today. The name value won't modify or overwrite the name stored in Zendesk Support. This is a limitation that we will address in the future.

    1
  • Prakruti Hindia
    Zendesk Product Manager

    Hi everyone, 

    Posting an update on surfacing email address, provided in authentication API, on Agent Workspace. We are targeting Nov to support this enhancement. With this change, external Id, email or a combination of both can be used to uniquely identify your users. 

    I will provide more updates closer to the rollout date. 

    - Prakruti

    14
  • Thomas (internalnote.com)
    Community Moderator
    Zendesk Luminary

    That's awesome news! Thanks.

    1

Please sign in to leave a comment.

Powered by Zendesk