Authentication
To start a session with an expert through the SDK, the user needs to be authenticated (logged in).
The SDK provides 3 ways to authenticate users:
- SMS flow
- Using a JWT token generated by the hosting site/app
- Anonymously
You can choose to allow one or more of these methods.
The authentication method you choose is saved as part of your app key settings and can be changed by contacting the SDK team.
SMS flow
The SMS flow consists of 3 steps:
- Ask the user to enter their phone number
- Send the user an SMS with a generated code (OTAC)
- Verify the user's identity by asking them to enter the code they received in the SMS
Using JWT token
In this flow, the SDK will validate a JWT token it got from the hosting site/app and sign the user in based on the token's claims.
For this flow to work, info about the token needs to be provided to the SDK team by contacting us - this is a one-time process that will include information like the token's issuer, its claims, and additional details.
Once the SDK team approves the changes, call the signIn API with your token to allow this method.
Anonymous login
This option allows the website to log in without any action from the user by calling the anonymousSignIn API.
A cookie is being used to restore the user's sessions when navigating between pages.
The cookie TTL is 1 hour. After that time the user's sessions will be cleared can't be restored or continued.