Additional Auth Methods Supported

There are multiple ways to authenticate a user in chat when the user is already authenticated on the brand page.

1. Sharing user details through standard Sprinklr chat user setting

In this authentication option, the host website passes all the user details, along with a hash of those details (important to prevent man-in-the-middle attacks), into sprChatSettings while injecting the live chat application. Whenever a user logs out from the host website, the host website calls the SDK to instruct the live chat to log out the current authenticated user and switch to an unauthenticated user.

Please note: The hash should be generated on the brand’s server to prevent leaking the secret to the client side.

What if I do not pass the user details?

The previously authenticated user’s details and token will be destroyed if we have one, and then a new anonymous user will be created.

Flow Diagram

Code for Implementation:

<script>
  window.sprChatSettings = window.sprChatSettings || {};

  window.sprChatSettings = {
    "appId": "app_600000609",
    "user": {
      "id": "1234",
      "firstName": "John",
      "lastName": "Doe",
      "profileImageUrl": "https://example.com/profilePic.jpg",
      "phoneNo": "9876543210",
      "email": "John.Doe@example.com",
      // Generated on the brand's server; the secret never reaches the client.
      "hash": "f30c3b0835ecd378a134c74bce8cea866df8c5b6e12a8c219c9bb288f7270e22",
    }
  };
</script>
<script>
  // live chat embedded code
</script>

2. Sharing user identifiers/tokens only through Sprinklr chat settings

If you have an API to fetch user details using some kind of reference tokens (as many as the brand API requires) and you prefer not to pass user details on the client side, you can simply pass these tokens along with their hash (important to prevent man-in-the-middle attacks), together with the other necessary details, inside sprChatSettings while injecting the live chat on the client side. The Sprinklr server will then request the user details by passing these tokens to the specified brand API.

Please note: The hash should be generated on the brand’s server to prevent leaking the secret to the client side.

This approach helps maintain user privacy and security by not exposing sensitive (if any) user data in the client-side code. It also requires the brand to whitelist Sprinklr’s servers so that they can make API calls to the brand’s servers to fetch user details.

What if I do not pass the custom user details?

The previously authenticated user’s details and token will be destroyed if we have one, and then a new anonymous user will be created.

Flow Diagram

Code for Implementation

<script>
  window.sprChatSettings = window.sprChatSettings || {};

  window.sprChatSettings = {
    "appId": "app_600000609",
    "customUser": {
      "tokenA": "xxx",
      "tokenB": "xxx",
      // Generated on the brand's server; the secret never reaches the client.
      "hash": "f30c3b0835ecd378a134c74bce8cea866df8c5b6e12a8c219c9bb288f7270e22",
    }
  };
</script>
<script>
  // live chat embedded code
</script>

3. Sharing Session created by website inside chat using brand cookies

If the cookie available on the brand’s domain is sufficient to retrieve user information, then the Sprinklr server will simply request the user details by hitting the specified brand API. The cookies will automatically be forwarded by the browser to the brand’s server.

For this purpose, please note:

  • We need one of your domains to be CNAME mapped with the Sprinklr domain, so that the cookies are automatically forwarded to the Sprinklr server by the browser, and Sprinklr will then send them to the brand server.

  • This solution will not work with native webview implementations.

What if there is no cookie sent or the user details from API are not received?

The previously authenticated user’s details and token will be destroyed if we have one, and then a new anonymous user will be created.

Flow Diagram

4. Passing pre-created (by brand) Sprinklr user id in chat settings

If you don't want to transmit all the user details when injecting the live chat, you can simply create a Sprinklr chat user on your server by calling our backend API, and then pass only this Sprinklr userId on the client side. Sprinklr Chat client will fetch the user details against this ID.

What if I do not pass the user details?

The previously authenticated user’s details and token will be destroyed if we have one, and then a new anonymous user will be created.

Flow Diagram

Code for Implementation

<script>
  window.sprChatSettings = window.sprChatSettings || {};

  window.sprChatSettings = {
    "appId": "app_600000609",
    "user": {
      // Sprinklr user id created beforehand on the brand's server.
      "id": "1234",
      "hash": "f30c3b0835ecd378a134c74bce8cea866df8c5b6e12a8c219c9bb288f7270e22",
    }
  };
</script>
<script>
  // live chat embedded code
</script>
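
The hash used in methods 1, 2 and 4 has to be computed on the brand's server. The Node.js sketch below is an added example, not Sprinklr's code: it assumes HMAC-SHA256 with hex output over the field values joined with "_" in a fixed order, none of which is stated on this page, and the function names, field list and secret are hypothetical. The field list is a parameter, so the same routine covers the `user` and `customUser` objects.

```javascript
// Added example (not Sprinklr's code): server-side hash generation in Node.js.
// ASSUMPTIONS, not stated on this page: HMAC-SHA256, hex output, values joined
// with "_" in the listed order. Use what your live chat configuration specifies.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumed field order for the "user" object.
const USER_FIELDS = ['id', 'firstName', 'lastName', 'profileImageUrl', 'phoneNo', 'email'];

// Build the string that gets signed; absent fields contribute an empty string.
function canonicalize(obj, fields) {
  return fields.map((f) => (obj[f] == null ? '' : String(obj[f]))).join('_');
}

// Compute the hex hash. The secret stays on the server.
function signDetails(obj, fields, secret) {
  return createHmac('sha256', secret).update(canonicalize(obj, fields), 'utf8').digest('hex');
}

// Object to render into the page: the details plus their hash, never the secret.
function buildSignedSettings(appId, key, obj, fields, secret) {
  return { appId, [key]: { ...obj, hash: signDetails(obj, fields, secret) } };
}

// Constant-time check of a received hash, as the verifying side would do it.
function verifyDetails(obj, fields, secret) {
  const expected = Buffer.from(signDetails(obj, fields, secret), 'hex');
  const received = Buffer.from(String(obj.hash || ''), 'hex');
  return received.length === expected.length && timingSafeEqual(received, expected);
}

// Constructed sample values; a real secret comes from a secret store.
const SAMPLE_SECRET = 'constructed-demo-secret';
const sampleUser = {
  id: '1234', firstName: 'John', lastName: 'Doe',
  profileImageUrl: 'https://example.com/profilePic.jpg',
  phoneNo: '9876543210', email: 'John.Doe@example.com',
};
const signedUser = buildSignedSettings('app_600000609', 'user', sampleUser, USER_FIELDS, SAMPLE_SECRET);

// Method 2: the same routine over the reference tokens.
const signedTokens = buildSignedSettings('app_600000609', 'customUser',
  { tokenA: 'xxx', tokenB: 'xxx' }, ['tokenA', 'tokenB'], SAMPLE_SECRET);

// Editing a signed field without the secret makes verification fail.
const tampered = { ...signedUser.user, id: '9999' };
console.log('untouched:', verifyDetails(signedUser.user, USER_FIELDS, SAMPLE_SECRET));
console.log('tampered: ', verifyDetails(tampered, USER_FIELDS, SAMPLE_SECRET));
```

Only the object returned by `buildSignedSettings` is rendered into the page; the secret and the signing routine stay on the server.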

5. SSO

in on the brand page using the same SSO, we need to specify the 'isSSOAuthorized' boolean flag (true when the user is logged in on the brand page, and false when the user is not logged in on the brand page) while injecting the live chat.

What if I pass isSSOAuthorized: false?

The previously authenticated user’s details and token will be destroyed if we have one, and then a new anonymous user will be created.

Flow Diagram

Code for Implementation

<script>
  window.sprChatSettings = window.sprChatSettings || {};
  window.sprChatSettings = {
    "appId": "xxxxx",
    "user": {
      // true when the user is logged in on the brand page, false otherwise.
      "isSSOAuthorized": true,
    }
  };
</script>
<script>
  // live chat embedded code
</script>