We finally cleared the authentication hurdle that we were experiencing when setting up our Web Messenger to go the authenticate route. What we are now seeing is that if 2 different clients log into our website using their own set of credentials, the second client that logs in, is able to view the conversation history of the first client.
Scenario:
Client-A logs into our webpage and initiates the web messenger, has a conversation with the agent. The agent disconnects the interaction. The client logs out of the webpage but does not close the browser.
Client-B uses this browser to log into the same webpage using a different set of credentials. Client-B is able to view the conversation history of Client-! prior to starting their own conversation.
We're not understanding why this continuing to happen with an Authenticated Web Messenger. Is something missing? Our understanding was that going to an Authenticated version of the Web Messenger would do away with this issue.
This should not happen indeed for authenticated sessions, if users are distinct users (i.e they have a different sub claim).
Could you provide conversationIds involved ?
Are you reproducing this behavior systematically ?
Could you provide also your region ?
This shouldn't happen at all and needs to be reviewed with Genesys custom care team as suggested.
Each user will get their own token after successful authentication and this token is used while initializing authenticated conversation. Its worth checking if user is successfully authenticated and that in the network logs you see request made to api/v2/webdeployments/token/oauthcodegrantjwtexchange to get the token which will be used (instead of _actmu that is for anonymous conversation only).
Thank you all. I currently have a ticket open with Customer Care.
VP - I supplied ID's, network logs, console logs from the browser, Snippet code and an image of the code placement. We are on the USW2 region. Case #0003427819.