[Optional] Identity Verification

This step helps ensure that no user can spoof his email account and join some other company channel. After making Saturn Live for at least a few weeks, you can do this step.

Follow these steps to implement identity verification in your app:

  1. To set up identity verification, you must generate an HMAC on your server for each logged-in user and send it to Saturn.

    Here's the code to generate an HMAC for your app is:

const crypto = require('crypto');

const secretKey = <hmacSecretKey>; // Replace this with the secretKey from Saturn Dashboard
const userIdentifier = current_user.id.toString();

const hash = crypto.createHmac('sha256', secretKey).update(userIdentifier).digest('hex');

Keep your secret key safe! Never commit it directly to your repository, client-side code, or anywhere a third party can find it.

  1. Everywhere that you initialize user data in saturn and have a window.$saturn.setUser called, add a new user attribute identifierHash to the second param object, and assign the HMAC code for the logged-in user to it.

    So the initialize user code looks like this now

/**
 * @param {string} uid - [Required] User ID
 * @param {string} email - [Optional] User Email
 * @param {string} name - [Optional] User Name
 */
const initSaturnUser = (uid, email, name) => {
  if (!uid) return;

  // Backend Call
  getUserHmacHash(userData.uid).then((hash) => {
    if (window?.$saturn && window?.$saturn?.isLoaded) {
      window.$saturn.setUser(uid, {
        email: email,
        name: name,
        identifierHash: hash,
      });
    } else {
      window.addEventListener(
        "saturn:ready",
        function () {
          window.$saturn.setUser(uid, {
            email: email,
            name: name,
          });
        },
        { once: true }
      );
    }
  });
};
PreviousTracking Event & AttributesNextJavascript API: Methods

Last updated