Setting up user authentication for messaging

Hi everyone and Zendesk product team,

I have found that the messaging widget and classic web widget (Enabling authenticated visitors in Web Widget (Classic) – Zendesk help) has similar features related to jwt auth.

Expiration time of token must be within 7 minutes and you should rotate it before its expiration time while chatting.

Why didn't you mention this in the documentation for the messaging widget?

And I am also waiting for the "email address mapping feature".

Thomas (internalnote.com) Thank you for your article on `internalnote.com`. Very hot topic.

Hi, I would like to prefill the message for the user. Is that possible?

Hi, Prakruti Hindia Mick O'Donnell

Is there any update on this improvement in the ability to pass the email address for newly created users? We recently changed to messaging channel, this issue affects us heavily. Because we can't send follow-up messages without the user's email in the ticket. That does not make sense. Please solve this issue sooner. 

Hello Prakruti Hindia, Mick O'Donnell

Our team want to use Zendesk Messaging to instead of Zendesk Chat,

And we have setting it according to the following guide:

https://developer.zendesk.com/documentation/zendesk-web-widget-sdks/sdks/web/enabling_auth_visitors/

https://support.zendesk.com/hc/en-us/articles/4411666638746

Our generated JWT token python script as following:

token = jwt.encode({'scope': 'user', 'external_id': '#external_id', 'name': '#name','email': '#email' }, '#SECRET', algorithm='HS256',
                   headers={'kid': '#kid'})

We use the JWT token like following:

<script type="text/javascript">

var jwtToken = "#JWTtoken"
window.zESettings= {
webWidget: {
        authenticate: {
            chat: {
                jwtFn: function(callback) {  
                    callback(jwtToken);
                }
            }
   }
}
</script>

As our expected is the end user will not be prompted to provide their name or email address by the messaging bot as part of the default messaging response.

But currently it is still need to input name and email,

Could you please confirm where exist problem for our implements?
And How can we solve it?

Hello Thomas (internalnote.com)

By your comment, I have tried to use the new API, and it is OK.

Thank you very much for the help!

If the only place we plan to put the web messaging widget in on our help center, and if we assume the customer has logged in to our help center (which I'm trying to figure out how to make a requirement before the widget is shown), do I need to worry about setting up JWT/Authentication since the site will already know who is logged in?

@... Prakruti Hindia can we pass email same way as for Web Widget Classic?

>    zE('webWidget', 'identify', { name: `${HelpCenter.user.name}`, email: `${HelpCenter.user.email}` });

When I send name and email in the jwt, when does zendesk update? My user may change their name and I want that to update. Even after calling login again with the new token, it doesn't seem to update.

Hi everyone. Thank you for posting on this topic. For anybody who may be struggling with an implementation issue around JWT authentication, or you suspect a potential issue with the Zendesk Web Widget / Mobile SDKs, could I request that you open a support ticket via support.zendesk.com (chat launcher in the lower right) and we will investigate each case.

We will follow up in the comment thread with responses to general questions where possible. Many thanks!

Hi Anton Maslov, yes this is possible using the Zendesk Web Widget as described here. Here is an example payload:

{
   "external_id": “12345678”,      
   "email": “janes@soap.com”,    
   "exp": “1639608035”,     
   "name": “Jane Soap”,    
   "scope": “user”
}

Hi Jeremy B, no this doesn't happen today. The name value won't modify or overwrite the name stored in Zendesk Support. This is a limitation that we will address in the future.

Hi everyone, 

Posting an update on surfacing email address, provided in authentication API, on Agent Workspace. We are targeting Nov to support this enhancement. With this change, external Id, email or a combination of both can be used to uniquely identify your users. 

I will provide more updates closer to the rollout date. 

- Prakruti

We appreciate your feedback on this topic and would love to hear more directly from you live. Please join us on Wednesday, September 20, 2023, at 11 AM CDT, for our PM Roundtable on Messaging End-user Experience. It’ll be an open discussion on what is and isn’t working for you in this focus area of Zendesk. So please bring those questions, concerns and feedback because we want to hear from you! The link to register can be found here, we’d love to see you all there.

Best regards,

Hello, I would like to know if we can enable end users authentification for Messaging when users are already logged-in using Single Sign-On (SSO).

The aim is to have 'articles suggestion' made by bot work for non-public articles (Articles having visibility set to Sign-in or base on User-segments). This doesn't seems to be possible for now.

I have the same question as Jean-Philippe. We use our platform for an internal employee HR support service and we use SSO through Okta. The user will already be signed in, but messaging does not recognize this which creates a new user account for them. When a user has a question that cannot be solved within a conversation or needs to go back to see the conversation, they cannot view it because it is going to their SSO user profile. We try our best to merge the customer profiles created by messaging but if the user comes back and uses messaging, it again creates a new account. A lot of added steps that are needed to do this. 

We have multiple examples where this occurs without the action of logging in or out. Some other action is randomly causing the ticket to be closed by merge. It's frustrating for agents and end users who lose the connection mid-conversation without any explanation. I've had a long back and forth with Zendesk support, which has not completely solved the problem, as we can't recreate the scenario. It's, as I said, random, leading me to believe it's buggy. Is there any way we can disable this? 

Cassie Salgado We are seeing something similar. We haven't seen any tickets closed by merge, but we have seen tickets mysteriously merged without manual intervention, and examples where our conversation bot fires mid-chat as well, and ZD support has said this is due to merging happening in the background. Have you gotten any additional clarity on this? 

Hi Prakruti Hindia

We are a major retailer from Japan and a newcomer to Zendesk community. Like others, we're also stuck with this limitation on surfacing e-mail address from JWS-authentication. We've been doing PoCs on Zendesk services for a while and this limitation has become a key factor for our decision on adoption of Zendesk. 

Regarding your last post that the fix will likely to be on November and as it's now December, so may I ask how it's going with this enhancement support? Any update or outlook would be truly appreciated. 

Due to the nature of our business, it is not secured and not efficient to create user profiles in advance on Zendesk for all of our customers, so the workaround which matches user external ID is not realistic for us. The workaround where agents have to merge users for every single request is also not practical at all. Thanks in advance for your response. 

Hi Wathanyoo Khaisongkram,

Thanks for that information, that's helpful. I checked internally, and we're currently targeting January for this update of displayed verified email address in Agent Workspace once the end user is authenticated.

Hi Mick O'Donnell,

this means that using JWT to authenticate the messaging Widget, if the user doesn't exists in Zendesk, it is created with email address? Now the email information isn't valued in the created user, according with the current "Email addresses in Agent Workspace" limitation.

Thanks,
Sandro

Mick O'Donnell is this targeted begin or end of January to be released? 

Kr

Fien

Hello,

I would just like to add that we too have been waiting for quite awhile to see this update of displayed verified email address in Agent Workspace once the end user is authenticated. This has been a blocker for us in rolling out Messaging which is key to unlocking the boasted about Zendesk Bot features. It would be great to see this prioritized sooner than later.

Hi all,

is there any guidance/solution on how to enable sso/Okta login for the messaging widget, if we are using only the default Zendesk Guide page with the widget enabled? Thanks for the help