Closed aguynamedben closed 8 years ago
I noticed the user_hash is present on the source code of the page, in the JS variable window.intercomSettings
:
window.intercomSettings = {"email":"<email>","name":"<name>","created_at":1395681256,"user_id":1234,"user_hash":"user_hash_value","app_id":"my_app_id"};
If I re-calculate what the user_hash should be based on your documents (using the Ruby method), like this:
OpenSSL::HMAC.hexdigest('sha256', "my_secret", 1234.to_s)
"user_hash_value"
The user_hash_value produced by my IRB shell doesn't match the user_hash_value present in the JavaScript this gem outputs.
Nevermind, problem on my side, sorry!
@aguynamedben im having the same problem, what did you do to fix it?
api_secret
and secure_mode_secret
are different.
You shouldn't try to use api_secret
to encrypt the user_hash
Make sure you use the right one to encrypt your user_hash
My problem was me misunderstanding my dev environment (I use the dotenv gem and had incorrectly setup the env variable in .env and .env.development)
Version info
Expected behavior
I expect Intercom to register the call.
Actual behavior
403 error from Intercom: {error_message: "incorrect user_hash"}
I can see when I look at the page source that user_hash is calculated and set to something, but I'm getting a 403 because the value isn't correct.
Are there any more docs on Secure Mode? All I can find is https://docs.intercom.io/configure-intercom-for-your-product-or-site/staying-secure/enable-secure-mode-on-your-web-product, and the link to https://gist.github.com/thewheat/7342c76ade46e7322c3e isn't sufficient because it doesn't say how to configure the user_hash with the gem. It looks like I shouldn't have to worry about setting user_hash if I'm using this gem because it's supposed to correctly set user_hash for me.
Thanks for your help.