Identity Verification for web

  • 11 June 2023
  • 2 replies

Hello there,

I want to enable identity verification  for a web application my questions are:

1-After generating a hash on a server-side, is there a secure way you suggest to send that hash to a client-side? Also, Is it fine JavaScript access to the hash in the client-side?

2- How would I test identity verification in DEV environment before implement it in PROD?

Thank you!!


Best answer by Racheal 16 June 2023, 03:12

View original

2 replies

Userlevel 4

Hey @Hayder Jebur Racheal from the support engineer team here👋 


It looks like my teammates Eden and Magnus helped you out on this but I’ll add their responses here for future viewers!

  1. The hash itself shouldn't need any specific protection, so I'd recommend just adding it to the installation snippet where you're passing in the User attributes. Just make sure to never send the secret to the client and you're all good! The user_hash must be generated server-side. After you have generated the user_hash, you need to pass it to the intercomSettings object anywhere that the Messenger is loaded on your site (client-side). 
  2. To test identity verification, you would need to enable it within Intercom and make sure you have the script set up in your server. Then try to login to your site and open the Messenger. If it’s there, your user_hash was properly generated and you’re good to go! If it isn’t there and you are seeing some 403 errors in the console, you’ll need to take a look at your script and make sure you are passing the correct hashes. You can always check user hashes using our user hash calculator in Settings > Security > Identity Verification

I need help setting up this on my end. anyone could help me? I need help with the Google tag support.