Using JWT for Help Center authentication - how do I complete the login flow? | Community
Skip to main content
Answered

Using JWT for Help Center authentication - how do I complete the login flow?

  • March 12, 2026
  • 1 reply
  • 63 views
D

Hi everyone,

I'm trying to implement authentication for the Help Center and ticket portal using JWT, but I'm having trouble finding documentation about what happens after generating the JWT.

I already have the JWT generated on my backend, but I can't find clear docs explaining:

  • How to use that JWT to actually log the user into the Help Center

  • How to authenticate them for the ticket/request portal

  • Whether there's a specific endpoint, redirect flow, or client-side method required after obtaining the JWT

I also tried following the approach discussed in this community thread, but I couldn't get it to work in my implementation:
https://community.intercom.com/settings-security-permissions-22/dynamic-help-center-login-link-11313?tid=11313&fid=22

 

Most documentation I found explains how to generate the JWT, but not how to complete the login flow with it.

Does anyone have:

  • Documentation

  • Example implementations

  • Articles or guides

I tried this

on how to finish the login process once the JWT is created?

Thanks!

Best answer by Dara K

Hey ​@Dean32 

When all of these are true:

  • Messenger is installed for logged-in users in your app.
  • Messenger Security with JWTs is enabled and you pass a JWT when you boot the Messenger.
  • Your Help Center / Tickets Portal use a custom domain on the same organisational domain as your app, with cookie forwarding set up.

…then the flow is:

  1. User logs into your app → you call Intercom('boot') with a valid JWT.
  2. Intercom sets its session cookies in the browser.
  3. When the user follows a link to your Help Center or Tickets Portal on the custom domain, those cookies are forwarded and Intercom automatically treats them as logged in there too.

A minimal example of “passing the JWT to the Messenger” on your app side looks like:

<script>
  // Called after your user logs into your app
  fetch('/intercom/jwt')           // your backend endpoint
    .then(res => res.json())
    .then(({ intercomJwt, userId, email }) => {
      window.Intercom('boot', {
        app_id: 'YOUR_APP_ID',
        user_id: userId,           // required in the JWT payload
        email: email,              // optional but recommended
        intercom_user_jwt: intercomJwt
      });
    });
</script>
  • Your backend generates intercomJwt using the Messenger secret key and includes user_id (and any other attributes) in the JWT payload.
  • The frontend passes that token via intercom_user_jwt when booting the Messenger.

Once that’s in place and cookie forwarding is working, that same authenticated session is what the Help Center and ticket portal rely on, no extra login step needed there.

    1 reply

    D
    Intercom Team
    Forum|alt.badge.img+5
    • Dara KIntercom Team
    • Intercom Team
    • Answer
    • March 27, 2026

    Hey ​@Dean32 

    When all of these are true:

    • Messenger is installed for logged-in users in your app.
    • Messenger Security with JWTs is enabled and you pass a JWT when you boot the Messenger.
    • Your Help Center / Tickets Portal use a custom domain on the same organisational domain as your app, with cookie forwarding set up.

    …then the flow is:

    1. User logs into your app → you call Intercom('boot') with a valid JWT.
    2. Intercom sets its session cookies in the browser.
    3. When the user follows a link to your Help Center or Tickets Portal on the custom domain, those cookies are forwarded and Intercom automatically treats them as logged in there too.

    A minimal example of “passing the JWT to the Messenger” on your app side looks like:

    <script>
      // Called after your user logs into your app
      fetch('/intercom/jwt')           // your backend endpoint
        .then(res => res.json())
        .then(({ intercomJwt, userId, email }) => {
          window.Intercom('boot', {
            app_id: 'YOUR_APP_ID',
            user_id: userId,           // required in the JWT payload
            email: email,              // optional but recommended
            intercom_user_jwt: intercomJwt
          });
        });
    </script>
    • Your backend generates intercomJwt using the Messenger secret key and includes user_id (and any other attributes) in the JWT payload.
    • The frontend passes that token via intercom_user_jwt when booting the Messenger.

    Once that’s in place and cookie forwarding is working, that same authenticated session is what the Help Center and ticket portal rely on, no extra login step needed there.

    Terms & ConditionsAccessibility statement