What is JWT Authentication?
We have enhanced the existing mechanism to provide a better, safer, and simpler authentication process. The improved JWT Authentication mechanism verifies the authenticity of your end users and permits them to use the help widget. To access the tickets they submitted, end-users of your app must have an identity to authenticate themselves as a user of the Zoho Desk portal. Zoho Desk makes this authentication possible via the JSON Web Token (JWT).
Zoho Desk supports two types of authentication: Anonymous and JWT.
• Anonymous
In this type, end-users are considered guest users. They can only submit tickets, view posts in the User Community, and chat with a customer support agent. They cannot view the tickets they submitted or actively participate in the User Community.
• JWT
In this type, end-users are considered authenticated users. In addition to the activities that guest users can perform, authenticated users can also view the submitted tickets and actively participate in the User Community (with rights to perform actions such as following a topic, adding a topic, and commenting on existing posts).
JWT (JSON Web Token) is a secure and efficient way of exchanging claims between two parties. It is a compact and URL-safe method of representing data that needs to be transferred. JWT is usually used for authentication and authorization purposes. The token is digitally signed, which ensures its authenticity and integrity. JWTs are widely used in modern web applications and APIs to transmit information securely between the client and server.
The following code snippet authenticates users in the SDK:
- if(!MyApplication.deskInstance.isUserSignedIn())
{
MyApplication.deskInstance.loginWithJWTToken(String jwtToken, ZDPortalCallback.SetUserCallback callback)
}
In the code snippet above:
1 loginWithJWTToken is the function that inputs the user's jwt token.
2 jwttoken The generated jwttoken is used to authenticate the user signing in to the app.
3 callback is the ZDPortalCallback.SetUserCallback instance that will be called after userFetch is executed.
The loginWithJWTToken function must be executed only if a user has not signed into the SDK. Therefore, you must first configure the ASAP help widget to check whether a user has signed in.
To perform this check, use the following code:
- boolean isUserLoggedIn = MyApplication.deskInstance.isUserSignedIn();
Logging out users from the SDK
To log a user out of the SDK, use the following method
- MyApplication.deskPortalSDK.logout
(new ZDPortalCallback.LogoutCallback()
{
@Override
public void onLogoutSuccess()
{
//User logged out
}
@Override
public void onException(ZDPortalException e)
{
}
});
After this method is implemented, the authenticated users are treated as anonymous.
Clearing Local Data
When an authenticated user signs out of the ASAP help widget, all data stored locally on the device is cleared automatically.
If local data needs to be cleared for anonymous users, use the following method:
- MyApplication.deskInstance.clearDeskPortalData();