How to Verify Chat Conversations in BoldDesk
In BoldDesk, a contact record may appear as verified, but a chat session initiated by the same user is not automatically verified. This behavior is intentional and tied to BoldDesk’s JWT‑based chat verification model, which ensures that each chat session is securely associated with an authenticated user.
This article explains:
- Why contacts can be verified while chats are not
- How BoldDesk manages chat identity verification
- How to verify chat sessions using Custom JavaScript
- How to pass optional fields such as user token and email
Why Chat Sessions Are Not Automatically Verified
In BoldDesk, chat verification is session‑based, not contact‑based. Even if a contact already exists and has been previously verified, the chat widget does not assume the user is authenticated.
Reason: BoldDesk requires a JWT token for chat verification
- The contact record identifies who the user is.
- The chat session identifies whether the user is authenticated right now.
A chat session is only marked as verified when the widget receives a valid JWT.
This helps BoldDesk:
- Prevent impersonation or unauthorized use
- Ensure secure session-level identity
- Allow workflows to differentiate between:
  - Verified logged‑in users
  - Guest or anonymous visitors
Without a JWT, the system treats the chat as unverified, even if the contact record is known.
BoldDesk’s Solution: Verify Chat Sessions Using Custom JavaScript
BoldDesk supports Custom JavaScript injection through the chat widget settings. This lets you programmatically send a JWT token to the chat widget immediately after a user logs in. This is currently the official method for verifying chat conversations.
Where the logic runs
- BoldDesk Live Chat Widget
- BoldDesk Web SDK
- Custom login or front-end authentication flows
Using this method, the system can automatically verify the chat session and securely map it to the authenticated user.
How to Verify a Chat Session Using Custom JavaScript
BoldDesk allows adding custom JavaScript to the live chat widget (via portal settings), meaning you can programmatically pass the JWT token once a user logs in. Follow the steps below to add verification logic to the chat widget.
Step-by-Step Instructions
- Log in to the BoldDesk Admin Module.
- Navigate to Chat → Live Chat.
- For an existing widget, click More options (⋮) → Edit. To add a new widget, click Add Widget.
- Open the Appearance tab.
- Scroll to Advanced Customization.
- Paste the following Custom JS into the field.
Custom JavaScript for Chat Verification
Code to add in Custom JS:
window.$boldChat = window.$boldChat || [];
// Run the verification once the widget has connected to the chat server
window.$boldChat.push(["on:chatServerConnected", verifyConversation]);

function verifyConversation() {
  // Skip if this conversation is already verified
  if (window.boldChatSettings.isConversationVerified !== true) {
    window.$boldChat.push(["do:verifyConversation", {
      email: " ",      // email of the logged-in user
      userToken: " ",  // JWT for the logged-in user
      // Callback invoked with verification response from the server
      callback: (res) => {
        if (res.isVerified) {
          console.log(res);
        }
        // If verification failed and server returned a message, clear the session
        else if (res.message && res.message.trim() !== '') {
          console.log(res.message);
          window.$boldChat.push(["do:clearSession"]);
        }
      }
    }]);
  }
}
To successfully verify a conversation, the system requires both the email and userToken to be provided. The verification flow supports two input options:
- Provide email and userToken within the CustomJS implementation, ensuring the conversation is validated at the time of initialization.
- If these values are not provided via CustomJS, the system will automatically retrieve them from the following global settings:
  - window.boldChatSettings.email
  - window.boldChatSettings.userToken
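The first input option above, as an added example (not BoldDesk's own code): it builds the do:verifyConversation command only when a logged-in session holds a structurally valid, unexpired token, and clears the session on a failed response. The session object, its chatToken field, the exp claim check and the queue stand-in for window.$boldChat are assumptions, as is a backend that issues the token.

```javascript
// Added example, not BoldDesk's code. From the article: "do:verifyConversation",
// "do:clearSession" and the email / userToken / callback fields.
// Assumptions: the session object shape and a standard "exp" claim in the token.

// Decode the JWT payload for client-side sanity checks only. The signature is
// verified by the server, never in the browser.
function decodePayload(token) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3 || parts.some((p) => p === "")) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const p = JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
    return p && typeof p === "object" ? p : null;
  } catch (e) {
    return null;
  }
}

// Returns the command to push, or null when the visitor should stay unverified.
function buildVerifyCommand(session, queue, nowSeconds = Date.now() / 1000) {
  if (!session || !session.email || !session.chatToken) return null; // not logged in
  const payload = decodePayload(session.chatToken);
  if (!payload) return null; // malformed token
  if (typeof payload.exp === "number" && payload.exp <= nowSeconds) return null; // expired
  return ["do:verifyConversation", {
    email: session.email,
    userToken: session.chatToken,
    callback: (res) => {
      // Failed verification: clear the session, as the article's FAQ describes.
      if (!res.isVerified) queue.push(["do:clearSession"]);
    },
  }];
}

// Constructed, unsigned sample token (a real one is signed on the server).
function constructedToken(payload) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.c2lnbmF0dXJl`;
}

const queue = []; // stands in for window.$boldChat
const session = { email: "user@example.com", chatToken: constructedToken({ exp: 2000 }) };
const cmd = buildVerifyCommand(session, queue, 1000); // constructed clock: t = 1000
if (cmd) queue.push(cmd);
console.log(cmd ? "verification requested" : "staying unverified");
```

In the widget's Custom JS field, pass window.$boldChat as the queue and call buildVerifyCommand from the on:chatServerConnected handler.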
Frequently Asked Questions (FAQs)
Q1: Why does BoldDesk require JWT for chat verification?
To prevent impersonation and ensure each session is securely tied to an authenticated user.
Q2: Can a known contact have an unverified chat session?
Yes. Contacts and chat sessions use separate verification mechanisms.
Q3: Can I verify chat sessions without using Custom JS?
No. Custom JS (or Web SDK) is the required method for sending the JWT token.
Q4: What happens if verification fails?
You can clear the chat session using clearSession to prevent unauthorized access.
Q5: Is the email required in the verification request?
No. Only the JWT token is required. Email is optional but recommended.