The
JWT access token for the Web ASAP Help Widget will expire in one hour.
Please ensure the JWT token in the provided code snippet is valid and
up-to-date. It's important to note that after the token expires, it
should only be generated and utilized on the server by the customer.
Implementing the token on the client side may result in potential data
leaks.
Code snippets to Authenticate users via the JWT mechanism on the old and new versions of ASAP
The
server generates the OAuth Token if the JWT token consists of logged-in
user information and provides the generated OAuth token to a client.
The client could then use that token to prove the authenticity of the
'logged in as a registered Zoho user'.
Web
ASAP 1.0 (Older version)
Please use the code snippet below to implement the JWT (JSON Web Token) authentication mechanism in ASAP 1.0 version.
The code to get Zoho's server to generate the JWT token.
- window.ZohoHCAsapSettings={
userInfo :{
jwtToken : "generated-jwt-token"
}
}
ASAP 2.0 (New version) - The improved JWT mechanism
To implement JWT (JSON Web Token) authentication in Zoho Desk ASAP 2.0, you must follow a series of steps to manage the login, logout, and token retrieval dynamically. Below is a guide on how to achieve this.
You need to define a function that fetches the JWT token from your server and passes it to the success callback.
- let getJwtTokenCallback = (successCallback, failureCallback) => {
// Fetch the JWT token from your server or authentication service
fetch('/api/get-jwt-token') // replace with your actual endpoint
.then(response => response.json())
.then(data => {
// Pass the JWT token to the success callback
successCallback(data.token);
})
.catch(error => {
// Handle any errors and pass the error to the failure callback
failureCallback(error);
});
}
// Invoke login with JWT token retrieval
window.ZohoDeskAsapReady( () => {
ZohoDeskAsap.invoke('login', getJwtTokenCallback);
})
We need a callback on the first-page load to get the JWT token. After that, there's no need to pass the callback in the login API for subsequent loads.
Dynamic Login
If you want to handle login dynamically, ensure that you invoke the login method whenever the user attempts to log in.
- function handleLogin() {
window.ZohoDeskAsapReady( () => {
ZohoDeskAsap.invoke('login', getJwtTokenCallback);
})
}
// Example usage: attach this function to a login button
document.getElementById('loginButton').addEventListener('click', handleLogin);
Handling Logout
To handle the logout, you can use the following method:
- function handleLogout() {
window.ZohoDeskAsapReady( () => {
ZohoDeskAsap.invoke('logout');
})
}
// Example usage: attach this function to a logout button
document.getElementById('logoutButton').addEventListener('click', handleLogout);
How JWT works on page load
- Session maintenance after login: Once logged in, the session will be maintained across page loads.
- Dynamic case on page load: For dynamic cases, the session will be maintained across page loads. If you want to log out after a page load, use the logout API.
- First-time login API call: On the first login API call, you must pass the JWT callback function as a parameter.
Implementation of JWT Authentication
This setup provides a basic but functional approach to integrating JWT-based authentication with Zoho Desk ASAP 2.0.
Here's an example of putting it all together in a single code snippet:
- // Function to retrieve the JWT token
let getJwtTokenCallback = (successCallback, failureCallback) => {
fetch('/api/get-jwt-token') // replace with your actual endpoint
.then(response => response.json())
.then(data => {
successCallback(data.token);
})
.catch(error => {
failureCallback(error);
});
};
// Login dynamically on page load
window.onload = function() {
//load this API after ASAP script
window.ZohoDeskAsapReady( () => {
ZohoDeskAsap.invoke('login', getJwtTokenCallback);
})
};
// Manual login trigger (e.g., on button click)
document.getElementById('loginButton').addEventListener('click', () => {
window.ZohoDeskAsapReady( () => {
ZohoDeskAsap.invoke('login', getJwtTokenCallback);
})
});
// Logout handler
document.getElementById('logoutButton').addEventListener('click', () => {
window.ZohoDeskAsapReady( () => {
ZohoDeskAsap.invoke('logout');
})
});
Android
The code to get Zoho's server to generate the JWT token. Refer to this help documentation. - MyApplication.deskInstance.loginWithJWTToken(String jwtToken, ZDPortalCallback.SetUserCallback callback)
iOS
This new login method will indicate that the passed token is a JWT token.
Refer to this help documentation.- ZohoDeskPortalKit.login(withJWTToken: token, onCompletion: handler)