Introducing enhanced JWT authentication mechanism

Hi all,

Greetings!
 
We are excited to introduce the enhanced version of the JWT authentication mechanism for ASAP add-ons.
 
ASAP
 
The ASAP (App Support Across Platforms) add-on in Zoho Desk is a stand-alone app that provides in-app self-service to the end-users. It works in tandem with your business, empowering it with the help center functionality right within the product. With ASAP, your customers do not have to navigate to a different page on your website to access help articles, seek help from customer service, or interact with fellow users. They can find the answers they need right within your business website.
 
There are two authentication methods available while configuring ASAP in the Desk portal:
  • Anonymous
  • JWT 
Anonymous: Anonymous users are end-users who choose not to log into the ASAP add-on. They can access your help articles, submit tickets, view posts in the user community, and chat with your support agents. They can't perform other actions, such as editing or closing support tickets or interacting with the user community.
 
JWT: In the JWT authentication method, the end-users are known as authenticated users because they choose to log into the ASAP add-on. They can perform nearly all the available actions within the ASAP add-on. The JWT authentication method is the most secure and preferred means of authentication.



Existing authentication mechanism
 
The existing authentication method uses a server endpoint, known as the JWT endpoint. End-users must set up this endpoint before configuring JWT authentication for the ASAP add-on. This endpoint contains the code that generates the JWT. From there, the IAM server sends the GET request containing the user token to the endpoint. Users are required to provide a valid URL for the JWT endpoint when setting up the ASAP add-on in Zoho Desk.



Improved JWT authentication mechanism
 
To provide a better, safer, and simpler authentication process, we have enhanced the existing mechanism. The enhanced mechanism verifies the authenticity of your end-users and grants them permission to use the ASAP-driven help center. 

The improved mechanism eliminates the need for the JWT endpoint. Now, when end-users attempt to log into ASAP, the IAM server decrypts the JWT secret key that is sent from the application side and verifies the end user's authentication. This process allows only valid users to log into ASAP.



To learn about the complete authentication flow and the technical aspects of JWT, see our JWT mechanism for authenticating users in the ASAP add-ons (new flow) help doc.
 
Impact of the new authentication mechanism on existing web and mobile SDK users 
 
For users who activate a new or additional ASAP add-on in the future, the new authentication mechanism will be in effect.
 
Note: The existing flow will be tentatively deprecated only for web users within three months' time. We will keep you posted regarding the deprecation of the existing authentication flow.
 
The enhanced method of JWT authentication has been officially released and is available to all users.
 
Give it a try, and share your suggestions and feedback here.
 
Have a great day!
Regards,
Varsha P