How to deal with activation success or failure?

Failures happen for various reasons, therefore while creating robust and secure system the implementation needs to cope with such cases. Authentication failures can happen in two places:

The sign-in in the visitor’s authenticated space fails

In this case, the backend logic is unable to generate a token : it is then the client’s responsibility to activate the iAdvize tag. In other words, it is the client implementation responsibility to decide whether:

  • Not to activate the tag (i.e. not calling "iAdvize.activate" methods)

  • Or to fall back to an anonymous activation instead.

If you want to ensure a fully authenticated conversational experience, we recommend the first defensive implementation.

The iAdvize "activate" method can also fail

If the token is ill-formatted or if signature is incorrect, the "iAdvize.activate" can also fail.

To cope with this, the "iAdvize.activate" method takes an optional argument : a function that will be called with an object containing the result of the authentication ("authentication-success" or "authentication-failure"). This object includes the reason the authentication failed: a malformed token, an invalid key, a double login attempt, ...

const iAdvizeActivationCallback = (activation) => {
        console.log(activation);
}
/* In case of success, logs :
{
        authentication: {
                option: { type: 'SECURED_AUTHENTICATION', token: '<YOUR-TOKEN>' },
                status: 'authentication-success'
        }
}

/* In case of failure, logs :
{
        authentication: {
                option: { type: 'SECURED_AUTHENTICATION', token: '<YOUR-TOKEN>' },
                status: 'authentication-failure',
                reason: 'A login is already ongoing' // Or another relevant error
        }
}

iAdvizeInterface.push(async (iAdvize) => {
        const activation = await iAdvize.activate(async () => {
                const token = await ... // your backend logic to generate a JWE - note that this can be called at anytime for refresh
                return {
                        authenticationOption: { type: 'SECURED_AUTHENTICATION', token }
                };
        }) ;
        iAdvizeActivationCallback(activation);
});

In case of failure, we recommend that you do not fallback to the anonymous activation.

Note : iAdvize javascript logic has already retry policies implemented. It will automatically retry 3 times in case of error. If it does not succeed, iAdvize systems return an error. We do not recommend that the client implementation adds additional retries.

Last updated

#147: HFE - Authenticated Messaging

Change request updated