How it works
Sign-on flow: Web Code Flow
- A consumer logs into the authenticated area, and clicks on a chat invitation.
- The Live Assist Web SDK calls the configured webpage JavaScript method to supply an authorization code. The web app verifies that the consumer is logged in (otherwise it asks the user to log in according to the brand’s standards), and then issues an authorization code. The authorization code is supplied back to the Live Assist Web SDK using a callback method.
- The authorization code is passed to the Live Assist service by the embedded window while sending the chat request.
- The Live Assist service processes the chat request, and queries the brand’s Visitor Authentication Service with the authorization code that it just received. In response, the brand's Visitor Authentication Service validates the authorization code and sends an OpenID Connect token with all visitor attributes.
- When the OpenID Connect token is successfully received by the Live Assist service, the chat process starts.
Note:
• Visitor attributes can be added to the OpenID Connect token. Those visitor attributes are displayed to the agent in the Agent Workspace, next to a secure icon.
• Consumers who are not currently logged in, or whose login effort failed, are unable to start a conversation with the designated agent. Instead, they are redirected to the Offline survey.
Sign-on flow: Web Implicit Flow
Implicit Flow is very similar to Code Flow, but with the following differences:
- Instead of generating an authorization code, the Brand Service generates an OpenID Connect token. This type of token contains the user information and is not just a reference. The user information is signed using the brand keys and can also be encrypted for Live Assist.
- When the Live Assist Service receives this token, instead of validating it with the Brand Service, it verifies the signature and decrypts its content.
Note: Consumers who are not currently logged in are unable to start a conversation with the designated agent. Instead, they are redirected to the Offline survey.
Authentication Expiration Flow
Every JWT contains an expiration time. Upon JWT expiration, the customer side is asked to provide a refreshed JWT.
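The signature check from the Implicit Flow and the expiration check above, sketched as an added example in Node.js; this is not Live Assist or brand code. It assumes an RS256-signed token, and the function names, key pair, issuer URL and claims are constructed for illustration.

```javascript
// Added example: RS256 check of an OpenID Connect token plus its exp claim.
const crypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");

// Brand side (hypothetical helper): sign the claims with the brand's private key.
function signToken(claims, privateKey) {
  const head = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign("sha256", Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString("base64url")}`;
}

// Receiving side: pin the algorithm, verify the signature, then check exp.
function verifyToken(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // The verifier fixes the algorithm; the token's own alg field is only compared to it.
  if (!header || header.alg !== "RS256") return { ok: false, reason: "bad-alg" };
  const valid = crypto.verify("sha256", Buffer.from(`${head}.${body}`), publicKey,
    Buffer.from(sig, "base64url"));
  if (!valid) return { ok: false, reason: "bad-signature" };
  // A missing exp is treated as expired; the caller then asks for a refreshed JWT.
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSec)
    return { ok: false, reason: "expired" };
  return { ok: true, claims };
}

// Constructed sample data: throwaway key pair, fixed clock, made-up claims.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const now = 1700000000;
  const token = signToken({ iss: "https://brand.example", sub: "visitor-123", exp: now + 300 }, privateKey);
  const [h, , s] = token.split(".");
  const tampered = `${h}.${b64url(JSON.stringify({ sub: "someone-else", exp: now + 300 }))}.${s}`;
  return {
    fresh: verifyToken(token, publicKey, now),
    late: verifyToken(token, publicKey, now + 301),
    tampered: verifyToken(tampered, publicKey, now),
  };
}
```

A full OpenID Connect validation also checks the issuer and audience claims, and decrypts the token first when it is encrypted; those steps are left out here.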