Decagon AI

Authenticating Users

By default, Decagon does not authenticate users. To authenticate users, first contact us so that we can enable this feature and send you a secure private key.

Generating an authentication token

You should first use the private key you were given to generate a token authenticating the user. This must be done on a backend server. Since the private keys cannot be exposed to end users, this cannot be done on a web client.
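To generate a token, use the following Python snippet (or its equivalent in another language):

```python
import hashlib
import hmac
import time


def get_token(user_id, private_key):
    """Build the token object for user_id. Run this on the backend only."""
    # Issue time in whole seconds since the Unix epoch.
    epoch = int(time.time())
    # The signed message is the user ID followed directly by the epoch.
    message = user_id + str(epoch)
    # HMAC-SHA256 keyed with the private key, hex-encoded.
    signature = hmac.new(
        private_key.encode('utf-8'),
        message.encode('utf-8'),
        hashlib.sha256
    ).hexdigest()
    return {
        'user_id': user_id,
        'epoch': epoch,
        'signature': signature
    }
```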
Tokens are valid for 24 hours. After this time, a new token must be generated.
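To make the signature and the 24-hour lifetime concrete, the following added example (not Decagon's code; the page does not describe how Decagon validates tokens) shows how a receiver holding the same private key could check a token of this shape. `verify_token`, its reason strings, the `max_skew` allowance and the `now` parameter are assumptions introduced for illustration.

```python
import hashlib
import hmac
import time

TOKEN_TTL_SECONDS = 24 * 60 * 60  # the page states tokens are valid for 24 hours


def get_token(user_id, private_key, now=None):
    """Same construction as the page's snippet; `now` is added for testing."""
    epoch = int(time.time() if now is None else now)
    message = user_id + str(epoch)
    signature = hmac.new(
        private_key.encode('utf-8'),
        message.encode('utf-8'),
        hashlib.sha256,
    ).hexdigest()
    return {'user_id': user_id, 'epoch': epoch, 'signature': signature}


def verify_token(token, private_key, now=None, max_skew=300):
    """Hypothetical receiver-side check; returns (ok, reason)."""
    now = int(time.time() if now is None else now)
    user_id, epoch, signature = (token.get(k) for k in ('user_id', 'epoch', 'signature'))
    if not isinstance(user_id, str) or not isinstance(signature, str):
        return False, 'malformed'
    if isinstance(epoch, bool) or not isinstance(epoch, int):
        return False, 'malformed'
    # Recompute the HMAC over exactly the bytes the generator signed.
    expected = hmac.new(
        private_key.encode('utf-8'),
        (user_id + str(epoch)).encode('utf-8'),
        hashlib.sha256,
    ).hexdigest()
    # Constant-time comparison, so timing does not reveal how much matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, 'bad_signature'
    # Freshness is checked only after the signature is known to be genuine.
    if epoch > now + max_skew:
        return False, 'issued_in_future'
    if now - epoch > TOKEN_TTL_SECONDS:
        return False, 'expired'
    return True, 'ok'
```

Because the epoch is part of the signed message, changing either `user_id` or `epoch` on the client invalidates the signature, which is why the backend must issue a fresh token rather than the frontend adjusting an old one.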

Authenticating the user on the frontend

Every time the user is identified on the frontend, you must also pass in the token object that was generated above as part of the metadata.
```javascript
window.duet.setMetadata({
  ...,
  user_id_authentication: {
    user_id: ...,
    epoch: ...,
    signature: ...
  }
})
```