PureCloud authenticated chat

Genesys Cloud Web Chat
1

I am working on a server-to-server authenticated chat.

https://developer.mypurecloud.com/api/webchat/guestchat.html#authenticated_chat

I follow the document above, and successfully get the JWT from POST /api/v2/signeddata. However, where should I send this JWT token? and how to verify this token at PureCloud side?

2

You send the JWT token when you start the chat, as far as I understand the token is verified by PureCloud when they receive it (after all they were the one who created it).

If you look at the flow here, the following steps occur:

  1. The customer signs into your website (Third Party Org Site), this way you know the customer is who they say they are because they logged into your site.

  2. You then use the authentication they have with your website to make a request to your backend service to get a JWT signed by PureCloud.

  3. Your backend uses the authentication to retrieve customer specific information from your system.

  4. Your backend then uses this information to make a new request to PureCloud (with the customer information) which returns a JWT signed by them (containing the information you just gave them).

  5. Your backend should then send a response back to your frontend with the JWT from PureCloud.

  6. The frontend then sends the JWT when starting a new chat with PureCloud. How you send the JWT/token depends on if you are using the API directly or the widget provided by PureCloud. If you are using the API it should be sent via the memberAuthToken property when starting the chat. If you are using the widget it should be added here. Look at the example and you'll see headers containing a Client-Token property, that's where you send the JWT/token received from your backend service.

  7. PureCloud then validates the signature and starts a new chat in their system.

2 Likes
3

This is documented here: https://developer.mypurecloud.com/api/webchat/guestchat.html#api_requests. TL;DR in the header authorization: Bearer {jwt}

4

Thanks, @kripette.

I follow your steps:

  1. Signed the variables:
    {
    "userId": 1234,
    "authorized": true
    }
    with POST /api/v2/signeddata and get the jwt.

  2. Send jwt in memberAuthToken and the variables in
    "customFields" : {
    "userId": 1234,
    "authorized": true
    }

  3. Setup a script with new variables signed:userId and signed:authorized

  4. Setup new inbound chat flow and add the screen pop flow.

However, it doesn't show the variables. Which step gets wrong?

5

What is "it" and how are you attempting to access the data?

6

I finally found the solution.

As mentioned,

  1. Send the jwt token as memberAuthToken and the encrypted data (eg. a random generated guid) while initial the conversation.
  2. Add an Inbound Chat flow in architect
  3. Find the guid in Chat.Guest.authenticatedCustomFields and Chat.Guest.customFields and compare
7

Keep in mind that if you send the custom fields both via authenticated method and via unauthenticated method, both will be available on the conversation. Not sure if that's your intent. You should only send the custom fields via the jwt token to get only the signed ones.

8

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.