intercom-rails 1.0.1 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e2fc85ba00358eada296192f07e67ba84f37424ba7a5d8ee9ea5f83e5a0bc60b
-  data.tar.gz: e3f4bfc29ba15e72c9f19c3c363abeb587ff6668637740edee063c69a329d648
+  metadata.gz: ff14436633adc07b04ea0fff8507abf54e6fd34e4c4ab943c3a26aa691d69801
+  data.tar.gz: 7fe20bd0ce9cff4efe03a935886b43ac8bed8f56366e75f1733a5948f7145299
 SHA512:
-  metadata.gz: eb3a484b71432a961158d13ee67bc43e867d74e4ecfad7d81b58607e7f09aeacb6f9e002df29b3028ac3e71717cece13a2251a0d7a5636ba67264c59465a5167
-  data.tar.gz: 689566c0e89a88620c018c41e8c49ff23e5aeedc32c180f0684e94d27b2112ba0ce13d5c691a89fa7db0a492352962e41be6e831a8855536fac5c6cfb557d782
+  metadata.gz: 744323aa7316eebe9923ef4a15897e6cf0ee24fda86e42f19ee865f1050e09840a4921be0b8f706a4fd610d66d584f4155a83a7483686949ec46e858ca2a9623
+  data.tar.gz: a93f75e039d873083243e3c847b8ccc4e2f35e812c4e05d5423fca83c36419aa908348003770133384044629584e63d4f55feafa6ff6b9f68e9d4b172274e2e0

data/README.md

@@ -69,6 +69,53 @@ It is possible to enable Identity Verification for the Intercom Messenger and yo
 ```
 **Note: This example is just for the sake of simplicity, you should never include this secret in source control. Instead, you should use the Rails [secret config](http://guides.rubyonrails.org/4_1_release_notes.html#config-secrets-yml) feature.**
 
+### JWT Authentication
+You can enable JWT authentication for enhanced security with the Intercom Messenger. This feature uses JSON Web Tokens (JWTs) to authenticate users instead of the traditional user_hash method. To enable JWT authentication, add the following to your `config/initializers/intercom.rb`:
+
+```ruby
+  config.jwt.enabled = true
+```
+
+#### JWT Expiry
+You can set an expiry time for JWTs. This determines how long the token remains valid:
+
+```ruby
+  config.jwt.expiry = 12.hours  # Token expires after 12 hours
+```
+
+If no expiry is set, the JWT will not include an expiration claim.
+
+#### Signed User Fields
+You can specify which user fields should be included in the JWT payload and removed from the client-side settings for enhanced security:
+
+```ruby
+  config.jwt.signed_user_fields = [:email, :name, :plan, :team_id]
+```
+
+With this configuration, these fields will be:
+- Included in the signed JWT payload
+- Removed from the client-side `intercomSettings` object
+- Still available to Intercom through the secure JWT
+
+#### Per-Request JWT Configuration
+You can also configure JWT settings on a per-request basis using the `intercom_script_tag` helper:
+
+```erb
+<%= intercom_script_tag({
+  :user_id => current_user.id,
+  :email => current_user.email
+}, {
+  :jwt_enabled => true,
+  :jwt_expiry => 1.hour
+}) %>
+```
+
+**Important Notes:**
+- JWT authentication requires an `api_secret` to be configured
+- JWT is only generated when a `user_id` is present
+- When JWT is enabled, the `user_id` is removed from client-side settings and only included in the secure JWT
+- Other configured signed fields are also removed from client-side settings when JWT is used
+
 ### Shutdown
 We make use of first-party cookies so that we can identify your users the next time they open your messenger. When people share devices with someone else, they might be able to see the most recently logged in user’s conversation history until the cookie expires. Because of this, it’s very important to properly shutdown Intercom when a user’s session on your app ends (either manually or due to an automated logout).
 
@@ -342,7 +389,7 @@ CSP support for automatic insertion exposes two namespaces that can be defined b
  - String CoreExtensions::IntercomRails::AutoInclude.csp_nonce_hook(controller)
  - nil CoreExtensions::IntercomRails::AutoInclude.csp_sha256_hook(controller, SHA-256 whitelist entry)
 
-For instance, a CSP nonce can be inserted using the [Twitter Secure Headers](https://github.com/twitter/secureheaders) gem with the following code:
+For instance, a CSP nonce can be inserted using the [Github Secure Headers](https://github.com/github/secure_headers) gem with the following code:
 ```ruby
 module CoreExtensions
   module IntercomRails

data/lib/intercom-rails/config.rb

@@ -143,6 +143,16 @@ module IntercomRails
       end
     end
 
+    config_group :jwt do
+      config_accessor :enabled
+      config_accessor :expiry
+      config_accessor :signed_user_fields do |value|
+        unless value.nil? || (value.kind_of?(Array) && value.all? { |v| v.kind_of?(Symbol) || v.kind_of?(String) })
+          raise ArgumentError, "jwt.signed_user_fields must be an array of symbols or strings"
+        end
+      end
+    end
+
   end
 
 end

data/lib/intercom-rails/script_tag.rb

@@ -2,6 +2,7 @@
 
 require 'active_support/all'
 require 'action_view'
+require 'jwt'
 
 module IntercomRails
 
@@ -17,7 +18,7 @@ module IntercomRails
     include ::ActionView::Helpers::TagHelper
 
     attr_reader :user_details, :company_details, :show_everywhere, :session_duration
-    attr_accessor :secret, :widget_options, :controller, :nonce, :encrypted_mode_enabled, :encrypted_mode
+    attr_accessor :secret, :widget_options, :controller, :nonce, :encrypted_mode_enabled, :encrypted_mode, :jwt_enabled, :jwt_expiry
 
     def initialize(options = {})
       self.secret = options[:secret] || Config.api_secret
@@ -25,14 +26,22 @@ module IntercomRails
       self.controller = options[:controller]
       @show_everywhere = options[:show_everywhere]
       @session_duration = session_duration_from_config
-      self.user_details = options[:find_current_user_details] ? find_current_user_details : options[:user_details]
+      self.jwt_enabled = options[:jwt_enabled] || Config.jwt.enabled
+      self.jwt_expiry = options[:jwt_expiry] || Config.jwt.expiry
+
+      initial_user_details = if options[:find_current_user_details]
+        find_current_user_details
+      else
+        options[:user_details] || {}
+      end
+
+      lead_attributes = find_lead_attributes
+
+      self.user_details = initial_user_details.merge(lead_attributes)
 
       self.encrypted_mode_enabled = options[:encrypted_mode] || Config.encrypted_mode
       self.encrypted_mode = IntercomRails::EncryptedMode.new(secret, options[:initialization_vector], {:enabled => encrypted_mode_enabled})
 
-      # Request specific custom data for non-signed up users base on lead_attributes
-      self.user_details = self.user_details.merge(find_lead_attributes)
-
       self.company_details = if options[:find_current_company_details]
         find_current_company_details
       elsif options[:user_details]
@@ -45,7 +54,7 @@ module IntercomRails
       return false if user_details[:excluded_user] == true
       valid = user_details[:app_id].present?
       unless @show_everywhere
-        valid = valid && (user_details[:user_id] || user_details[:email]).present?
+        valid = valid && @has_identity
       end
       if nonce
         valid = valid && valid_nonce?
@@ -113,12 +122,45 @@ module IntercomRails
       "window.intercomSettings = #{plaintext_javascript};#{intercom_encrypted_payload_javascript}(function(){var w=window;var ic=w.Intercom;if(typeof ic===\"function\"){ic('update',intercomSettings);}else{var d=document;var i=function(){i.c(arguments)};i.q=[];i.c=function(args){i.q.push(args)};w.Intercom=i;function l(){var s=d.createElement('script');s.type='text/javascript';s.async=true;s.src='#{Config.library_url || "https://widget.intercom.io/widget/#{j app_id}"}';var x=d.getElementsByTagName('script')[0];x.parentNode.insertBefore(s,x);}if(document.readyState==='complete'){l();}else if(w.attachEvent){w.attachEvent('onload',l);}else{w.addEventListener('load',l,false);}};})()"
     end
 
+    def generate_jwt
+      return nil unless user_details[:user_id].present?
+      
+      payload = { user_id: user_details[:user_id].to_s }
+
+      if jwt_expiry
+        payload[:exp] = jwt_expiry.from_now.to_i
+      end
+
+      if Config.jwt.signed_user_fields.present?
+        Config.jwt.signed_user_fields.each do |field|
+          field = field.to_sym
+          payload[field] = user_details[field].to_s if user_details[field].present?
+        end
+      end
+
+      JWT.encode(payload, secret, 'HS256')
+    end
+
     def user_details=(user_details)
       @user_details = DateHelper.convert_dates_to_unix_timestamps(user_details || {})
       @user_details = @user_details.with_indifferent_access.tap do |u|
         [:email, :name, :user_id].each { |k| u.delete(k) if u[k].nil? }
 
-        u[:user_hash] ||= user_hash if secret.present? && (u[:user_id] || u[:email]).present?
+        @has_identity = (u[:user_id] || u[:email]).present?
+
+        if secret.present?
+          if jwt_enabled && u[:user_id].present?
+            u[:intercom_user_jwt] ||= generate_jwt
+            
+            u.delete(:user_id)
+            Config.jwt.signed_user_fields&.each do |field|
+              u.delete(field.to_sym)
+            end
+          elsif (u[:user_id] || u[:email]).present?
+            u[:user_hash] ||= user_hash
+          end
+        end
+        
         u[:app_id] ||= app_id
       end
     end

data/lib/intercom-rails/version.rb

@@ -1,3 +1,3 @@
 module IntercomRails
-  VERSION = "1.0.1"
+  VERSION = "1.1.1"
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: intercom-rails
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.1
 platform: ruby
 authors:
 - Ben McRedmond
 - Ciaran Lee
 - Darragh Curran
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-08 00:00:00.000000000 Z
+date: 2026-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -26,6 +26,20 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -102,28 +116,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: thin
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
@@ -187,7 +187,7 @@ homepage: http://www.intercom.io
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -202,8 +202,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key:
+rubygems_version: 3.0.3.1
+signing_key: 
 specification_version: 4
 summary: Rails helper for emitting javascript script tags for Intercom
 test_files: []