User Authentication

Last updated June 11, 2024

Preventing user impersonation is key to protecting your users’ information. To do so, we allow you to create a keyed user hash that we use to determine whether or not a user communicating with your team is the user they claim to be.

How does authentication work?

Authentication is fairly straightforward. On your server, take information that only you have access to (i.e., your secret key), combine it with a unique identifier for the user (i.e., their user ID), and run it through a hashing function (HMAC-SHA256) to create a keyed hash (userHash). Send it to the client, which then sends it to Atlas whenever the user engages with our app. Using your secret key, we verify the userHash and determine whether or not the user is the one they claim to be.

Setting up authentication

To enable user authentication within Atlas, go to App Configuration > Installation and get your secret key.

To set up user authentication, you need to create a hashed value (the userHash) on your server and then pass it to Atlas via JavaScript using the atlas.identify call whenever you identify your user.

Here’s an example of how you would create the userHash on the backend using Python:

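import hashlib
import hmac
import os

def _get_atlas_userhash(user_id):
    # Secret key from App Configuration > Installation, read here from the
    # environment; keep it on the server and never send it to the client.
    secret = os.environ['ATLAS_USER_HASH_KEY']
    key = secret.encode('ascii')
    # The message is the user id as a string, matching the userId sent to Atlas.
    message = str(user_id).encode('ascii')
    return hmac.new(key, message, hashlib.sha256).hexdigest()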

Here's an example for Next.js:

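import { createHmac } from "crypto";

// Minimal shape of the user record this helper needs.
type User = { id: string; name: string; email: string };

// Run this on the server only: the secret must never reach the browser.
export const generateAtlasUserObject = (user: User) => {
  if (!user) {
    return {};
  }
  const atlasSecret = process.env.ATLAS_SECRET;
  if (!atlasSecret) {
    // Fail loudly instead of signing with an empty key.
    throw new Error("ATLAS_SECRET is not set");
  }
  const hmac = createHmac("sha256", atlasSecret);
  // Hash the id as a string so it matches the userId sent to Atlas.
  hmac.update(String(user.id));
  const userHash = hmac.digest("hex");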
  return {
    userId: user.id,
    name: user.name,
    email: user.email,
    userHash,
  };
};

For other languages, you can find an example here.

And on the front end, you would pass this information to Atlas as follows:

window.Atlas.call("identify", {
   userId: this.user.id,
   name: this.user.name,
   email: this.user.email,
   userHash: this.user.atlasHash,
})

Now go back to App Configuration > Installation and turn on "Authenticate Users" to enable authentication.

After authentication is enabled, Atlas chat won't start for anyone trying to spoof a user.
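Why a spoofed identify call fails, as an added example that is not Atlas's own code: a verifier holding the same secret recomputes the HMAC-SHA256 for the claimed userId and compares it with the userHash it received. The names verify_userhash, make_userhash and SAMPLE_SECRET are hypothetical, and the secret and user ids are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample secret; the real one comes from App Configuration > Installation.
SAMPLE_SECRET = "example-secret-not-a-real-key"


def make_userhash(secret, user_id):
    """Server side: hex HMAC-SHA256 over the user id, as in the page's Python example."""
    return hmac.new(secret.encode("ascii"), str(user_id).encode("ascii"),
                    hashlib.sha256).hexdigest()


def verify_userhash(secret, claimed_user_id, user_hash):
    """Verifier side (assumed behaviour): recompute for the claimed id and compare."""
    if not secret:
        # An empty key would make every hash forgeable, so refuse outright.
        raise ValueError("empty secret: refusing to verify")
    if not isinstance(user_hash, str):
        return False  # missing or malformed userHash
    expected = make_userhash(secret, claimed_user_id)
    try:
        # Constant-time comparison: timing does not reveal how many characters match.
        return hmac.compare_digest(expected, user_hash)
    except TypeError:
        return False  # non-ASCII input can never be a valid hex digest


def demo():
    """Three identify payloads: genuine, edited userId, and no hash at all."""
    genuine = {"userId": "1001", "userHash": make_userhash(SAMPLE_SECRET, "1001")}
    # The client changes userId but can only reuse the hash it was issued.
    edited = dict(genuine, userId="1002")
    unsigned = {"userId": "1002", "userHash": None}
    return [verify_userhash(SAMPLE_SECRET, p["userId"], p["userHash"])
            for p in (genuine, edited, unsigned)]


if __name__ == "__main__":
    print(demo())
```

The hash is bound to the exact string form of the user id, so the server that signs and the userId sent from the front end must serialize it identically.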