Shared Secret JWT Authentication (Tracebuzz)
With Shared Secret JWT Authentication, the CX platform generates a JWT using a secret that is shared with the Deepdesk Backend. Currently only Tracebuzz uses this method; this document uses Tracebuzz as the example.
Processβ
- On widget load, Tracebuzz generates a JWT and passes it into the Deepdesk SDK.
- The Deepdesk SDK calls the Admin
/session/jwtendpoint, which validates the token and sets the JWT session cookies. - The access token cookie is then used to authenticate requests to the Backend.
JWT specificationβ
- Signing algorithm: HS256
- Expiry: 24 hours
Example payloadβ
{
"iat": 1620658801,
"exp": 1620687601,
"identity": {
"account": "<account>",
"user_id": "1234",
"user_name": "John Doe",
"user_email": "john.doe@platform.com"
},
"type": "access"
}
identity.accountβ Account code (e.g.vodafoneziggo).identity.user_idβ Platform user ID.identity.user_nameβ Display name.identity.user_emailβ User email.
Example encoded JWTβ
Copy the payload above into the jwt.io debugger with your shared secret to inspect or generate tokens. For example, using the secret your-256-bit-secret produces a JWT like:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2MjA2NTg4MDEsImV4cCI6MTYyMDY4NzYwMSwiaWRlbnRpdHkiOnsiYWNjb3VudCI6IjxwbGF0Zm9ybT4iLCJ1c2VyX2lkIjoiMTIzNCIsInVzZXJfbmFtZSI6IkpvaG4gRG9lIiwidXNlcl9lbWFpbCI6ImpvaG4uZG9lQHBsYXRmb3JtLmNvbSJ9LCJ0eXBlIjoiYWNjZXNzIn0.nYuvVHaOI2TirhbTFvCX-086i7ZNM9f_f7YK5SL51P4
See alsoβ
- JWT session (cookies) β How the Backend uses JWT cookies after login.
- Authentication overview β All authentication methods.