Authenticating Customers with Apple Auth

Enterprises can send an authentication type message on Apple Messages for Business to prompt the user to login with their credentials right within the message window. This level of authentication opens up a whole new set of sensitive customer support use-cases seamlessly possible.

Prerequisites

Apple Messages for Business account
OAuth authorization endpoint, OAuth token endpoint, OAuth client ID - These details need to be entered on your Apple Messages for Business account within Apple Business Register. These details will be provided by you OAuth provider. Below is an example that we setup using LinkedIn’s OAuth service.
OAuth client secret - This needs to be entered on the ‘manage app’ section of Apple Messages for Business app on Webex Connect UI.

Using Authentication in a flow

Once your authentication configuration is setup on both Apple Business Register and Webex Connect, you can start using it in a flow.

Each type of interactive message on Apple Messages for Business usually have two styles that need to be defined -

Received Message - This configuration defines how the initial authentication message is displayed to the customer including title, subtitle, image and size of the bubble
Reply Message - This configuration defines the message presented to the user after the interaction is complete
Within the flow node, you can configure how the message is displayed to the user and also other OAuth properties such as ‘Scopes’ and ‘Response Types’

Below is an example of a user journey using LinkedIn OAuth APIs as an example -

Once an authentication request is sent, you can use the receive node to wait for user response and take the subsequent action.

Sample API Request

Apple Auth is also supported through Connect's messaging API. Below is a sample request.

Here is the sample request, to use it in API.

{
   "appid":"a_636914165400010000",
   "correlationid":"ABCText123",
   "callbackData":"ABCRegAutomationstg",
   "notifyurl":"https://requestinspector.com/p/01dephvmctpzw12mrrgvrykg83",
   "deliverychannel":"AppleBusinessChat",
   "channels":{
      "AppleBusinessChat":{
         "type":"interactive",
         "interactiveData":{
            "data":{
               "version":"1.0",
               "requestIdentifier":"21d4a1c4-327c-ba35-45b1-36a050b15ad212-711",
               "images":[
                  {
                     "identifier":"6de6a59c-846f-45d8-a1d7-24382d9919d1",
                     "url":"http://drohnemieten.dein-betrieb.com/wp-content/uploads/2017/05/maxresdefault.jpg"
                  },
                  {
                     "identifier":"b70de3eb-a412-4fdd-a4b1-cb4eef853ded",
                     "url":"http://www.tompetty.com/sites/g/files/g2000007521/f/sample1_1.jpg"
                  }
               ],
               "authenticate":{
                  "oauth2":{
                     "responseType":"code",
                     "scope":[
                        "r_liteprofile"
                     ]
                  }
               }
            },
            "receivedMessage":{
               "subtitle":"hhh1!",
               "title":"Sign In to LinkedIn",
               "imageIdentifier":"6de6a59c-846f-45d8-a1d7-24382d9919d1"
            },
            "replyMessage":{
               "subtitle":"this is sub!",
               "title":"You Signed In",
               "imageIdentifier":"b70de3eb-a412-4fdd-a4b1-cb4eef853ded"
            }
         }
      }
   },
   "destination":[
      {
         "abcUserId":[
            "urn:mbid:AQAAY3cnOb7D+iCja4lzroWImGAC2QzKl1EnKaWl+XD/Mf52YjdOgSnTnb0HLontidf8PKkzEB0sNjco/S3Nmwc8Bp3iPZcxh/TeOMcqUFF2Kl1O5JxcJpVLwOemJRYwp+RhHqR33hzCQ+Z+9FYL4/tdCxtyEbxxxxxxxx"
         ]
      }
   ]
}

Once the message is received Apple Auth will send the client info as token to the OAuth provider for authentication. The OAuth provider will then validate the token against the OAuth provider details and sends the notification in cases of Successful or Failed authentication.

Once the customer is authenticated, you will receive the following JSON back.

Webhook Payload

{
   "abcUserId":"urn:mbid:AQAAY3cnOb7D+iCja4lzroWImGAC2QzKl1EnKaWl+XD/Mf52YjdOgSnTnb0HLontidf8PKkzEB0sNjco/S3Nmwc8Bp3iPZcxh/TeOMcqUFF2Kl1O5JxcJpVLwOemJRYwp+RhHqR33hzCQ+Z+9FYL4/tdCxtyEbw=",
   "channel":"AppleBusinessChat",
   "abcAccountId":"2d15f71d-b227-4a10-95ae-6c6a2eff1991",
   "appId":"a_636914165400010000",
   "event":"AuthenticationResponse",
   "ts":"2020-06-18T12:01:28.406+01:00",
   "tid":"bcf815fa-13e3-e0c6-22a3-acf3e4115371",
   "authenticateStatus":"authenticated",
   "authenticateToken":"AQWw-4bU6Hw_A1xkFVhlYzLpcVWBjM-bvgswFMHyfghvcfOOKs5QLNyI09yEMnAPl2dvVEIY1n_jxsYd6Pl4-4UA6SvPPOv23Jk86WWiB18boPZlPVqBAXHZ11JpMGmLrARd7XvgnsBCE9h9Q3RHma64Tq_nFcMMapEbVT59-EymVASCDLPhYEQKXf3q9GPINw9FpWtl2aTHA73rKUb3Wt8b7vNOOAeYMxQezpS8MlKbk6jQ3enUYoRBzGajiQjbEzeJuh0mnYu8vwIknd0SRU7dmHRzHwd7tK52GVGsPPUQ-TetIcNpcHhu3XNVqHhFIZqQ2f2Ctxh_Xjpq9j4uROCI1VNMLA",
   "requestIdentifier":"21d4a1c4-327c-ba35-45b1-36a050b15ad212-711",
   "capabilities":"AUTH%2C0.91",
   "timezone":"2020-06-18T12:01:28.406+01:00",
   "deviceAgent":"iPhone+OS"
}

{
   "abcUserId":"urn:mbid:AQAAY3cnOb7D+iCja4lzroWImGAC2QzKl1EnKaWl+XD/Mf52YjdOgSnTnb0HLontidf8PKkzEB0sNjco/S3Nmwc8Bp3iPZcxh/TeOMcqUFF2Kl1O5JxcJpVLwOemJRYwp+RhHqR33hzCQ+Z+9FYL4/tdCxtyEbw=",
   "channel":"AppleBusinessChat",
   "abcAccountId":"2d15f71d-b227-4a10-95ae-6c6a2eff1991",
   "appId":"a_636914165400010000",
   "event":"AuthenticationResponse",
   "ts":"2020-06-18T12:02:32.649+01:00",
   "tid":"5958f185-c912-7363-cbb2-dbe3bb5e2e92",
   "authenticateStatus":"failed",
   "authenticateToken":{
      "status":"Failure",
      "code":1,
      "description":"Unsupported elliptic curve point type"
   },
   "requestIdentifier":"21d4a1c4-327c-ba35-45b1-36a050b15ad212-711",
   "capabilities":"AUTH%2C0.91",
   "timezone":"2020-06-18T12:02:32.649+01:00",
   "deviceAgent":"iPhone+OS"
}