Support experimental JWT feature (not available yet)

[DamonFstr]

We're working on an experimental feature to allow you to authenticate with the messenger using a JWT token instead of sending a user_hash.

This feature is not currently general release however we will be seeking beta customers early next year (2025). If you are interested drop us a line at [email protected] (even if you don't use the rails gem!)

Description of the feature

When launching the Messenger for a logged-in User, you can provide a signed JSON Web Token in the intercom_user_jwt attribute of the Messenger payload.

This JWT can contain any User Data Attributes you want to securely send for the user. If you want to ensure those attributes can only be updated by you, you should disable Messenger updates for these Attributes, and as long as they are signed, they will still be updated.

You can use industry standard JWT libraries to generate the token, using your Messenger API Secret as the secret key.

A Messenger installation with JWTs requires minimal change compared to basic Identity Verification.

Example Server-Side Configuration

var jwt = require('jsonwebtoken');
const intercomUserJwt = jwt.sign({ user_id: '123', email: '[email protected]', phone: '345-345-3456' }, '<API_SECRET>', { expiresIn: '1h' });

Example Client-Side Configuration

<script>
    window.intercomSettings = {
      app_id: <APP_ID_CODE>,
      intercom_user_jwt: <TOKEN>,
      extra_data_attribute: 'data'
    };
</script>