User Authentication
Last updated June 11, 2024
Preventing user impersonation is key to protecting your users’ information. To do so, we allow you to create a keyed user hash (an HMAC) that we use to determine whether or not a user communicating with your team is the user they claim to be.
How does authentication work?
Authentication is fairly straightforward. On your server, take information that only you have access to (i.e., your secret key), combine it with a unique identifier for the user (i.e., their user id) and then run it through a keyed hashing function (HMAC-SHA256) to create a value (userHash) that cannot be produced without the secret key. Send it to the client, who will then send it to Atlas whenever they engage with our app. Because an HMAC is one-way, it is not decrypted: using your secret key, we recompute the userHash for the user id the client presents and check that it matches, which tells us whether or not the user is the one they claim to be.
Setting up authentication
To enable user authentication within Atlas, go to App Configuration > Installation and get your secret key.
To set up user authentication, you need to create a hashed value (the userHash) on your server and then pass it to Atlas via JavaScript using the atlas.identify call whenever you identify your user.
Here’s an example of how you would create the userHash on the backend using Python:
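    import hashlib
    import hmac

    # `config` is your application's settings mapping. The secret key must
    # stay on the server and never be shipped to the browser.
    def _get_atlas_userhash(user_id):
        secret = config['ATLAS_USER_HASH_KEY']
        key = secret.encode('ascii')
        # The user id is hashed as a string, so 42 and "42" give the same hash.
        message = str(user_id).encode('ascii')
        return hmac.new(key, message, hashlib.sha256).hexdigest()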
Here's an example for Next.js:
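    import { createHmac } from "crypto";

    // Run this on the server only: ATLAS_SECRET must never reach the client bundle.
    // `User` is your application's own user type.
    export const generateAtlasUserObject = (user: User) => {
      if (!user) {
        return {};
      }
      const atlasSecret = process.env.ATLAS_SECRET || "";
      const hmac = createHmac("sha256", atlasSecret);
      // Hash the id as a string; update() throws if it is given a number.
      hmac.update(String(user.id));
      const userHash = hmac.digest("hex");
      return {
        userId: user.id,
        name: user.name,
        email: user.email,
        userHash,
      };
    };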
For other languages, you can find an example here.
And on the front end, you would pass this information to Atlas as follows:
    window.Atlas.call("identify", {
      userId: this.user.id,
      name: this.user.name,
      email: this.user.email,
      userHash: this.user.atlasHash,
    })
Now go back to App Configuration > Installation and enable Authentication by enabling "Authenticate Users".
After authentication is enabled, Atlas chat won't start for anyone trying to spoof a user.
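The check described under "How does authentication work?" can be seen end to end in the following added Python example, which is not Atlas's own code. It generates a userHash the same way as the backend snippet above, then verifies it the way a receiver of an HMAC would, by recomputing it and comparing in constant time. The function names, the sample secret and the user ids are constructed for illustration, and the verifying side is an assumption about how such a check is implemented.

```python
import hashlib
import hmac

# Constructed sample value; a real key comes from App Configuration > Installation.
SAMPLE_SECRET = "constructed-sample-secret"


def make_user_hash(secret: str, user_id) -> str:
    """Server side: HMAC-SHA256 of the user id, keyed with the shared secret."""
    key = secret.encode("ascii")
    message = str(user_id).encode("ascii")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_user_hash(secret: str, claimed_user_id, user_hash) -> bool:
    """Receiving side (assumed): recompute the HMAC for the claimed id and compare."""
    if not secret:
        # With an empty key, anyone could compute a valid hash for any id.
        raise ValueError("secret key must not be empty")
    if not isinstance(user_hash, str):
        return False  # missing or malformed hash: treat as unauthenticated
    try:
        expected = make_user_hash(secret, claimed_user_id)
        # compare_digest takes the same time wherever the strings differ, so
        # timing does not reveal how much of a guessed hash was correct.
        return hmac.compare_digest(expected, user_hash)
    except (TypeError, UnicodeEncodeError):
        return False  # non-ASCII input cannot match an ASCII hex digest


def demo() -> dict:
    # Hash issued by the backend for the genuinely logged-in user.
    issued = make_user_hash(SAMPLE_SECRET, "user_1001")
    return {
        "genuine": verify_user_hash(SAMPLE_SECRET, "user_1001", issued),
        # Client swaps in another user's id but can only replay its own hash.
        "spoofed_id": verify_user_hash(SAMPLE_SECRET, "user_1002", issued),
        "missing_hash": verify_user_hash(SAMPLE_SECRET, "user_1002", None),
        # A hash made with a different key never verifies.
        "wrong_key": verify_user_hash("another-constructed-key", "user_1001", issued),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Since the userHash is bound to one user id, changing the id on the client without access to the secret key always fails the comparison.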