This document outlines the available solutions for implementing authentication within various messaging channels, including Apple Business Chat (ABC), SMS, WhatsApp (WA), and Google Business Messages (GBM).
Business Requirements:
- Enable customer authentication within messaging channels.
- Scenarios requiring authentication:
  - Agent needs basic customer information.
  - Agent needs to verify customer identity.
  - Brand needs to perform internal API calls on the customer's behalf.
Solution Options and Details:
Feature | Native ABC OAuth 2.0 | Custom CIM + Platform Capabilities | Consumer Delegation |
---|---|---|---|
Channel Scope | ABC only | ABC only | All |
Configuration Complexity | High | Moderate to High | Low |
Mobile App Dependency | No | Might be required for some functionalities | No |
CB Bot Compatibility | No | Limited (requires additional development) | Yes (limited) |
User Experience | Best (within ABC) | Good | Good |
1. Authentication for Apple Business Chat
ABC supports two authentication options:
- Native ABC OAuth 2.0 Authentication
- Custom Interactive Message
1.2 Native ABC OAuth 2.0 Authentication
This section explores the built-in functionalities of Apple Business Chat (ABC) for user authentication. Leveraging the OAuth 2.0 protocol, ABC allows brands to:
- Send an authentication request to consumers using iOS 12 or later.
- Receive the consumer's response, including their user credentials.
- Validate the credentials against a designated OAuth 2.0 provider.
This approach offers a streamlined user experience within the ABC environment, eliminating the need for external app downloads or redirects. However, it's crucial to remember that this solution is exclusive to the ABC channel and requires specific technical considerations.
Requirements
- Provide the capability for the user to authenticate through the mobile web browser on the brand's IdP side.
- Obtain the user's access token from the IdP to be used in the automations/bot to make API calls on the user's behalf.
- Obtain basic user info from the IdP.
Prerequisites:
- Brand's Identity Provider (IdP) must support OAuth 2.0.
- LivePerson platform must support sending custom rich content requests.
- LivePerson platform must be able to read event metadata (access token).
Solution:
For Apple Business Chat (ABC) users on iOS 12 and above, you can leverage built-in functionalities to enable customer authentication. This involves sending an authentication request through a LivePerson template and receiving the response containing user credentials. These credentials can then be validated against an OAuth 2.0 provider to verify the user's identity.
Apple Authentication Flow:
- Eligibility Check: The system identifies if the user's device supports Apple Auth through an engagement attribute.
- Template Trigger: An agent or bot initiates the process by sending a pre-defined Apple Auth template using a Structured Content template.
- OAuth 2.0 Flow: User authentication takes place via your designated OAuth 2.0 provider.
- Result Transmission: After successful or failed authentication, Conversational Cloud transmits the outcome and details back for further processing and validation.
In this solution, CB Bots are not applicable because they lack the capability to send custom rich content messages.
Additionally, CB Bots do not possess access to the message metadata, which includes the access token returned from IdP.
Pros | Cons |
---|---|
Seamlessly integrates with iMessage, offering a streamlined and intuitive communication experience. | Limited to use within the ABC channel, which restricts its application across other platforms. |
Ensures unparalleled user satisfaction by providing an optimal environment for engagement and interaction. | Requires configuration on Apple's side, potentially leading to delays due to the meticulous review process. |
Provides a native integration with iMessage, ensuring the best possible user experience. | Incompatible with CB Bots, limiting flexibility in deploying automated solutions. |
Offers a user-friendly interface, enhancing communication efficiency and effectiveness. | Involves a complex setup process, requiring expertise and attention to detail. |
The native ABC OAuth 2.0 solution offers a compelling option for ABC users, but careful consideration of its limitations against your specific needs and technical capabilities is crucial before implementation.
1.3 Custom Interactive Message (CIM) + Platform Capabilities
This section explores a versatile approach for integrating existing mobile app functionalities within Apple Business Chat (ABC) using Custom Interactive Messages (CIMs) and an iMessage App Extension.
This method goes beyond just authentication, offering broader potential for app integration within the ABC channel.
For example:
Requirements:
This solution aims to achieve the following:
- Allow users to authenticate through the brand's mobile application.
- Trigger the authentication request through either a bot or a human agent.
- Obtain the user's access token from the Identity Provider (IdP) for secure use by automations or bots in making API calls on the user's behalf.
- Gather basic user information from the IdP for further processing.
Prerequisites:
To utilize this solution, the following conditions must be met:
- The brand must possess a mobile application with a fully functional authentication process.
- The brand needs to develop an iMessage App Extension to act as a bridge between ABC and the mobile app. This extension facilitates the exchange of user session and access tokens with LivePerson (LP).
- LivePerson must be capable of transmitting ABC Custom Interactive Messages (CIMs) to initiate the authentication process within the ABC channel. This functionality is supported through various methods, including ABC Widgets, Custom Widgets, 3rd-party Bots, and the Messaging Agent SDK.
To enable automation performing actions upon successful login, one of the following approaches is necessary:
1. This involves the App Extension providing a WebView API to the CB Bot, allowing it to execute desired actions.
2. This method utilizes the Messaging Agent SDK Bot, which receives an API request from the App Extension and subsequently performs the required actions.
3. Similar to the previous options, a custom widget would receive an API request from the App Extension and take necessary actions.
Compatibility with ABC CIM:
It's important to note that ABC CIM is only compatible with the following:
1. ABC Widget / Custom Widget: These widgets can leverage ABC CIM's functionalities.
2. 3rd-party Bots: Third-party bots can also integrate with ABC CIM for additional capabilities.
3. Messaging Agent SDK: The Messaging Agent SDK itself is compatible with ABC CIM.
Solution:
High-Level Architecture and Interaction:
Authentication Flow:
Agent Widget Flow:
Pros | Cons |
---|---|
Utilizes existing customer session in Mobile App | Complexity |
| Requires modification in Mobile App |
| Requires development of App Extension |
| Not functional without Mobile App |
The Custom CIM approach offers a potential solution for ABC authentication, leveraging existing mobile app sessions for a potentially smoother user experience. However, the complexity and mobile app dependency make it essential to carefully weigh the benefits against the limitations in the context of your specific needs and technical capabilities.
2. Authentication for all Messaging Channels
The Consumer Delegation solution can be used for the following messaging channels:
- SMS
- WhatsApp (WA)
- Google Business Messages (GBM)
- Apple Business Chat (ABC)
2.1 Consumer Delegation:
This option empowers users to manage their information by authenticating through their preferred Identity Provider's (IdP) mobile web browser. This approach grants the brand controlled access (via an access token) for specific purposes within various messaging channels, facilitating functionalities like personalized interactions or automated tasks for the user.
Requirements:
- Users must authenticate through their preferred Identity Provider's (IdP) mobile web browser.
- The obtained access token from the IdP will be used by automations or bots to make API calls on the user's behalf.
- Basic user information must be accessible from the IdP.
Prerequisites:
- The brand's Identity Provider (IdP) must be configured to redirect users back to LivePerson after authentication using the following URL: https://{domain}/callback/{account_id}/redirectCode (replace {domain} and {account_id} with your specific information).
- The brand must utilize an OAuth 2.0 authorization server that supports the Code flow and is capable of returning a valid access token upon successful user authentication.
- "Consumer Authentication" credentials need to be created within LivePerson Conversation Builder (CB).
The Authentication URL looks like this: {IdP_Authorize_Endpoint}?client_id={client_ID}&response_type=code&redirect_uri=https://{domain}/callback/{account_id}/redirectCode
This approach is limited to CB Bots and cannot be implemented with third-party bots, Custom Widgets, or bots built using the Messaging Agent SDK.
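The Authentication URL format above can be built and checked mechanically before it is saved in the CB credentials, so that a wrong flow type or a redirect URI that differs from the LivePerson callback is caught at configuration time. This is an added example, not LivePerson code; the function names are hypothetical and every concrete value (idp.example.test, lp.example.test, account 12345678, the client id) is a constructed placeholder.

```javascript
// Added example (not LivePerson code). Function names are hypothetical.

// Redirect URI pattern from the prerequisites: https://{domain}/callback/{account_id}/redirectCode
function redirectUri(domain, accountId) {
  return `https://${domain}/callback/${encodeURIComponent(accountId)}/redirectCode`;
}

// Build {IdP_Authorize_Endpoint}?client_id=...&response_type=code&redirect_uri=...
// URLSearchParams percent-encodes the redirect URI so the IdP sees one parameter.
function buildAuthenticationUrl(authorizeEndpoint, clientId, domain, accountId) {
  const url = new URL(authorizeEndpoint);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('redirect_uri', redirectUri(domain, accountId));
  return url.toString();
}

// Return the problems found in an Authentication URL before it is configured.
function checkAuthenticationUrl(candidate, domain, accountId) {
  let url;
  try {
    url = new URL(candidate);
  } catch (err) {
    return ['not a parseable URL'];
  }
  const problems = [];
  if (url.protocol !== 'https:') problems.push('authorize endpoint is not https');
  if (!url.searchParams.get('client_id')) problems.push('client_id is missing');
  if (url.searchParams.get('response_type') !== 'code') {
    problems.push('response_type is not "code" (the Code flow is required)');
  }
  // Exact string match: prefixes, extra path segments or other hosts are rejected.
  const redirects = url.searchParams.getAll('redirect_uri');
  if (redirects.length !== 1) {
    problems.push('redirect_uri must appear exactly once');
  } else if (redirects[0] !== redirectUri(domain, accountId)) {
    problems.push('redirect_uri does not match the LivePerson callback');
  }
  return problems;
}

// Constructed sample values.
const SAMPLE_URL = buildAuthenticationUrl(
  'https://idp.example.test/oauth2/authorize', 'constructed-client-id',
  'lp.example.test', '12345678');
console.log(SAMPLE_URL, checkAuthenticationUrl(SAMPLE_URL, 'lp.example.test', '12345678'));
```

The same redirect URI string has to be registered at the IdP, since authorization servers compare it against the value sent in the request.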
Solution:
Consumer Delegation offers a versatile approach to user authentication across various messaging channels (SMS, WhatsApp, etc.). It leverages the user's preferred Identity Provider (IdP) for authentication and utilizes an access token to grant controlled access to the brand for specific purposes within the messaging platform.
This approach empowers users to manage their information and consent, while enabling features like personalized interactions and automated tasks.
Bot Flow
Reserved Variables
- Authorization URL: botContext.getBotVariable('external_auth_url')
  - Taken by the CB platform from the Authentication URL in the CB Authentication Credentials.
- Access Token: botContext.getWebViewVariable('cidp_accessToken')
  - Taken by the CB platform after the authentication process is completed.
Bot Configuration
API Integration
Pros | Cons |
---|---|
Compatible with any messaging channel | Limited to CB Bots only |
Easy to configure | |
Consumer Delegation offers a secure and user-centric approach to cross-channel authentication. By leveraging trusted Identity Providers and controlled access tokens, it empowers users to manage their information while enabling functionalities within various messaging platforms.
However, its current implementation is limited to LivePerson Conversation Builder Bots, requiring further development for broader compatibility.