Authenticating Users

If your website or app authenticates users, you can pass the authenticated user's details to the chat widget. For our server to trust the passed data, we recommend signing it as a JSON Web Token (JWT). Your website must request the JWT from your own server, which generates it on the server side, because the API keys used to generate the JWT should not be exposed to the web/mobile client.

Architecture

Suppose you want to pass an authenticated user's externalId to the widget. For the DG server to trust that this is indeed the correct externalId, you need to pass a JWT containing the externalId.

The sequence of steps is the following:

  1. The website client/app requests a JWT from your server (this could be part of the authentication flow).
  2. Your server uses the DG API Key and Secret to generate a JWT with the externalId of the user.
  3. The website client/app passes the JWT to the chat widget as one of the inputs.

Generating JWT

  1. Create a DG API Key and Secret on the DG dashboard. See more details about API Key/Secret. The API Key and Secret should be stored securely on the server side and not exposed to public clients.

  2. Use the DG API Key and Secret to sign the JWT. Put the API Key in the JWT header (as kid) and use the API Secret as the JWT secret. Example code in Node.js using jsonwebtoken:

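var jwt = require('jsonwebtoken');

// Load the credentials from server-side configuration, never from client code.
// (The environment variable names here are an example.)
var DG_API_KEY = process.env.DG_API_KEY;
var DG_API_SECRET = process.env.DG_API_SECRET;

// Returns a signed JWT asserting the given externalId for the chat widget.
var userJwt = function(externalId) {
    return jwt.sign(
        {
            scope: 'user',
            external_id: externalId
        },
        DG_API_SECRET,
        {
            header: {
                alg: 'HS256',
                typ: 'JWT',
                kid: DG_API_KEY
            }
        }
    );
};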

Generate JWT on the Server

It's important that you generate the JWT on the server, as the API Secret should not be exposed to public clients.
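
To show what the signature buys you, the following added example (not DG's code and not from the original page) builds a token with the same header and claims as above using only Node's built-in crypto, then verifies it the way a receiving server could: pin HS256, look up the secret by kid, and compare the HMAC in constant time. The function names, the `secretsByKid` map and the demo key/secret are assumptions made for illustration; jsonwebtoken would also add an `iat` claim by default.

```javascript
// Added example: constructed key and secret, not real DG credentials.
const crypto = require('node:crypto');

const DEMO_API_KEY = 'demo-api-key';        // constructed placeholder
const DEMO_API_SECRET = 'demo-api-secret';  // constructed placeholder

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, secret) =>
    crypto.createHmac('sha256', secret).update(data).digest();

// Same header and claims as the jsonwebtoken call on this page, built by hand.
function signUserJwt(externalId, apiKey, apiSecret) {
    const header = { alg: 'HS256', typ: 'JWT', kid: apiKey };
    const payload = { scope: 'user', external_id: externalId };
    const signingInput = b64url(header) + '.' + b64url(payload);
    return signingInput + '.' + hmac(signingInput, apiSecret).toString('base64url');
}

// Hypothetical verifier: returns the trusted external_id, or null on any failure.
function verifyUserJwt(token, secretsByKid) {
    const parts = String(token).split('.');
    if (parts.length !== 3) return null;
    let header, payload;
    try {
        header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
        payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    } catch (e) {
        return null;
    }
    // Pin the algorithm on the verifier; never let the token choose it.
    if (!header || header.alg !== 'HS256') return null;
    // The kid header selects which API Secret to check against.
    if (typeof header.kid !== 'string' || !secretsByKid.has(header.kid)) return null;
    const expected = hmac(parts[0] + '.' + parts[1], secretsByKid.get(header.kid));
    const given = Buffer.from(parts[2], 'base64url');
    // Constant-time comparison; lengths must match before timingSafeEqual.
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    if (!payload || payload.scope !== 'user') return null;
    return typeof payload.external_id === 'string' ? payload.external_id : null;
}
```

A client that edits `external_id` after issuance, or that holds only the API Key without the Secret, cannot produce a token this check accepts, which is why the Secret has to stay on your server.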