Setting Up a Zoho Help Center Login with JWT
Introduction
This document outlines the steps for setting up a custom, secure login for your Zoho Help Center using JSON Web Tokens (JWT). This method allows you to use your existing user database to authenticate users seamlessly, providing a single sign-on (SSO) experience.
Step 1: Enable Unique User Authentication in Zoho Desk
First, you need to configure your Zoho Desk account to allow separate user logins for different brands, which is a prerequisite for custom authentication methods like JWT.
- Navigate to your Zoho Desk account and click the Setup gear icon ⚙️ in the top right corner.
- In the left-hand menu, under General, select Rebranding.
- Click on the Multi-brand tab.
- Next to your brand, click Manage.
- In the Users section, check the box to “Enable unique users for this brand”. This setting separates user lists, allowing you to manage access for each brand independently.
Step 2: Configure JWT Authentication in Zoho Desk
Now, you’ll set up the JWT authentication method within your Help Center settings.
- From the Setup menu, go to the Help Center section and select User Authentication.
- Choose JWT as the authentication type.
- You’ll be prompted to provide two key URLs and a secret key:
  - Remote Login URL: The URL on your platform to which users are redirected when they need to log in.
  - Remote Logout URL: The URL on your platform to which users are sent when they log out of the Help Center.
  - JWT Secret Key: This is a crucial, confidential key used to sign and verify your JWTs. Zoho will provide this key. Copy it and store it securely on your platform.
Step 3: Generate a JWT on Your Platform
On your platform, you’ll need to generate a JWT for your authenticated users. This token will contain the user’s information and will be signed using the secret key you copied from Zoho Desk. (Download ColdFusion jwt.cfc)
Required JWT Payload Claims
Your JWT must include the following claims (data fields) in its payload:
- name: The user’s full name.
- email: The user’s email address. This is a critical field for identifying the user in Zoho Desk.
- iat: Issued At. A timestamp (in seconds since the Unix epoch) indicating when the token was created.
- exp: Expiration Time. A timestamp (in seconds since the Unix epoch) indicating when the token will expire. This is a security measure against replay attacks: it limits how long a token remains usable.
- jti: JWT ID. A unique, one-time-use identifier for the token. This prevents the same token from being used multiple times.
ColdFusion Code Example
The provided jwt.cfc component is a tool you can use in ColdFusion to generate these tokens. The encode function is what you’ll use.
Example of a ColdFusion function to generate and redirect a user:
<cfscript>
// Initialize the JWT component with your secret key
var jwt = new c.cfcs.jwt(key="[YOUR_JWT_SECRET_KEY]");
// Current time in whole seconds (getTickCount() returns milliseconds)
var nowSeconds = int(getTickCount() / 1000);
// Define the JWT payload with required claims
var claims = {
    "name": "[USER_FULL_NAME]",
    "email": "[USER_EMAIL_ADDRESS]",
    "iat": nowSeconds,
    "exp": nowSeconds + 600, // Token expires in 10 minutes
    "jti": createUUID() // Unique ID so each token is single-use
};
// Encode the payload to create the JWT token
var token = jwt.encode(payload=claims, algorithm="HS256");
</cfscript>
Step 4: Redirect the User to Zoho Desk
After generating the JWT, you need to send the user and the token to the Zoho Help Center.
- Take the generated JWT.
- Append it to the Zoho Sign-in Endpoint URL that you copied in Step 2 as a query parameter named token. The URL will look like this: https://[your_help_center_domain].zoho.com/api/helpcenter/v1/auth/jwt/login?token=[your_encoded_jwt_token]
- Redirect the user to this URL.
Zoho Desk will automatically intercept this request, validate the JWT using the secret key, and if the token is valid and the user’s email matches, it will log them into the Help Center.
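To show what the HS256 token in Steps 3 and 4 consists of and what the exp and jti claims protect against, here is an added example in Python (standard library only, so it does not depend on jwt.cfc); it is not code from the original page or from Zoho. The function names are hypothetical, and check_token is a generic receiver-side check written under the assumption that validation covers signature, expiry and one-time jti; it is not Zoho's implementation.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import urlencode

def b64url(data: bytes) -> str:
    # JWT segments are unpadded base64url
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def make_token(secret: bytes, name: str, email: str, ttl: int = 600, now=None) -> str:
    now = int(time.time()) if now is None else int(now)  # whole seconds since the epoch
    claims = {"name": name, "email": email, "iat": now, "exp": now + ttl,
              "jti": str(uuid.uuid4())}  # fresh identifier for every token
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode("utf-8"))
             for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(sign(secret, signing_input))

def check_token(secret: bytes, token: str, seen_jti: set, now=None) -> dict:
    # Generic receiver-side checks (assumed here; not Zoho's implementation).
    now = int(time.time()) if now is None else int(now)
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("not JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; do not let the token choose
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sig, sign(secret, head_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    exp, jti = claims.get("exp"), claims.get("jti")
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("expired")
    if not isinstance(jti, str) or jti in seen_jti:
        raise ValueError("jti already used")
    seen_jti.add(jti)  # remember the identifier so a replay is rejected
    return claims

def login_url(endpoint: str, token: str) -> str:
    # endpoint: the sign-in URL shown in your Help Center settings
    return endpoint + "?" + urlencode({"token": token})
```

Because the signature only proves possession of the shared secret, the secret must stay server-side; the token itself is readable by anyone who sees the redirect URL.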