Print
Secure Auth
You can authenticate users through the Widget SDK which will make your Froged widget a better experience for your users.

This will mean that your users no longer have to provide name and email information, since this will be provided through the SET method. The widget also display past user conversation history as well as unread messages.


Setup

Make sure you have the Froged snippet installed. Copy and place the above code anywhere in your HTML. Then, replace the values below with values appropriate for the user that you are authenticating: 
Froged('set', {
    userId: '{{ USER ID }}',
    email: '{{ USER EMAIL }}',
    name: '{{ USER NAME }}'
  });


Secure auth

Secure Auth helps to ensure conversations between you and your users are kept private, and that one person can't impersonate another. We strongly encourage all Intercom customers to set up and enable identity verification.

You can activate Secure auth in your workspace settings: 

Once activated, if you want to call the SET method, to pass a hash verifying user information will be mandatory:
Froged('set', {
    userId: '{{ USER ID }}',
    email: '{{ USER EMAIL }}',
    name: '{{ USER NAME }}',
    hash: '{{ HASH GOES HERE }}'
  });

You must generate this hash using your Secured contacts auth key. For security reasons, this value should never be shared. It is advised that you generate your authkey on the server side before rendering it in JavaScript. We've provided some examples in various languages below: 

 NODE
CryptoJS.HmacSHA256(user.userId + ":" + user.email, "{{ YOUR SECURE AUTH KEY }}");
 PYTHON
hmac.new("{{ YOUR SECURE AUTH KEY }}", user.userId + ":" + user.email, hashlib.sha256).hexdigest()
 RUBY
OpenSSL::HMAC.hexdigest('sha256', '{{ YOUR SECURE AUTH KEY }}', "#{user.userId}:#{user.email}")
 PHP
hash_hmac('sha256', $user->userId . ':' . $user->email, '{{ YOUR SECURE AUTH KEY }}')

We insist on the importance of implementing this security mechanism. If you have questions or need help, please contact support.

Multiple contacts with same emails

It is possible for a user to identify himself using a qualification form, an email collector, ... In those cases, the identity of that contact has not been verified, so for security reasons it is not linked to the previous information from that same email.
Was this helpful?