Automatically login to UserJot

UserJot’s Automatic Login feature allows users who are already signed into your website or application to access your UserJot feedback boards without needing to log in separately. This creates a smoother experience for your users.

1. Enable Automatic Login in Settings

1. Log in to your UserJot Dashboard.
2. Go to Settings in the main menu.
3. Select the SSO tab.
4. Find the Automatic Login section and switch the toggle to the “on” position.

Require Signed Tokens (Recommended)

For added security, you can enable the Require signed tokens option using the toggle in the same section.

When enabled, automatic login will only work if you provide a securely generated signature when identifying the user. This adds an extra layer of security to verify the user’s identity. We strongly recommend enabling this option.

2. Add the UserJot SDK to Your Website/App

To use Automatic Login, you need to add the following single script block to your website or application.

Place this script preferably in the <head> of your HTML document, or early in the <body>.

<script>window.$ujq=window.$ujq||[];window.uj=window.uj||new Proxy({},{get:(_,p)=>(...a)=>window.$ujq.push([p,...a])});document.head.appendChild(Object.assign(document.createElement('script'),{src:'https://cdn.userjot.com/sdk/v1/uj.js',async:!0}));</script>

3. Initialize the SDK and Identify Users

After adding the script block above, you need to initialize it with your Project ID and identify the currently logged-in user. You can find your Project ID on the Settings > SSO page in your UserJot dashboard.

Add the following script block after the SDK loader script, replacing "YOUR_PROJECT_ID" and the user details with the actual data for the logged-in user. The id and email fields are required.

This JavaScript snippet first initializes the UserJot SDK using your specific Project ID. Then, it identifies the currently logged-in user to UserJot, passing their unique ID, email, and optional details like name and avatar.

<script>
  // Initialize UserJot with your Project ID
  window.uj.init("YOUR_PROJECT_ID");

  // Identify the currently logged-in user
  window.uj.identify({
    id: "USER_UNIQUE_ID", // Required: Unique identifier for the user in your system
    email: "user@example.com", // Required: User's email address
    firstName: "John", // Optional: User's first name
    lastName: "Doe", // Optional: User's last name
    avatar: "URL_TO_USER_AVATAR" // Optional: URL to the user's profile picture
  });
</script>

Place this code where it can access the logged-in user’s information (e.g., after the user has logged into your site).

4. Implement Secure Authentication with Signatures

If you enabled the Require signed tokens option in your UserJot settings, you must include a signature field in the identify call.

Important: The signature must be generated on your server-side code using your Secret Key. Never generate the signature in the client-side JavaScript or expose your Secret Key in the browser. You can find your Secret Key on the Settings > SSO page in your UserJot dashboard. Keep this key confidential.

The signature is an HMAC SHA256 hash of the user’s unique ID (id field), created using your Secret Key.

Here is how the identify call looks with the signature:

This example shows the uj.identify call including the signature field. This signature, generated on your server, verifies the user’s identity when the “Require signed tokens” setting is enabled.

<script>
  window.uj.init("YOUR_PROJECT_ID");
  window.uj.identify({
    id: "USER_UNIQUE_ID",
    email: "user@example.com",
    firstName: "John",
    lastName: "Doe",
    avatar: "URL_TO_USER_AVATAR",
    signature: "GENERATED_HMAC_SIGNATURE" // Required if "Require signed tokens" is on
  });
</script>

Generating the Signature (Server-Side Examples)

You need to generate the GENERATED_HMAC_SIGNATURE on your server and pass it to your frontend to be included in the uj.identify call. Here are examples in various languages:

Node.js

This Node.js example uses the built-in crypto module to generate an HMAC SHA256 signature. It takes your UserJot Secret Key and the user’s ID as input and produces the required hexadecimal signature string.

const crypto = require('crypto');

const userJotSecretKey = 'YOUR_USERJOT_SECRET_KEY';
const userId = 'USER_UNIQUE_ID';

const signature = crypto
  .createHmac('sha256', userJotSecretKey)
  .update(userId)
  .digest('hex');

// Pass 'signature' to your frontend

Python

This Python example uses the hmac and hashlib modules. It computes the HMAC SHA256 signature using byte strings for both the secret key and the user ID, returning the hex digest.

import hmac
import hashlib

user_jot_secret_key = b'YOUR_USERJOT_SECRET_KEY' # Note: Use bytes
user_id = b'USER_UNIQUE_ID' # Note: Use bytes

signature = hmac.new(user_jot_secret_key, user_id, hashlib.sha256).hexdigest()

# Pass 'signature' to your frontend

PHP

This PHP example uses the hash_hmac function. It generates the HMAC SHA256 signature directly using the user ID and your secret key.

<?php
$userJotSecretKey = 'YOUR_USERJOT_SECRET_KEY';
$userId = 'USER_UNIQUE_ID';

$signature = hash_hmac('sha256', $userId, $userJotSecretKey);

// Pass $signature to your frontend
?>

Ruby

This Ruby example utilizes the openssl library. It generates the HMAC SHA256 hexdigest using your secret key and the user’s ID.

require 'openssl'

user_jot_secret_key = 'YOUR_USERJOT_SECRET_KEY'
user_id = 'USER_UNIQUE_ID'

signature = OpenSSL::HMAC.hexdigest('sha256', user_jot_secret_key, user_id)

# Pass signature to your frontend

C#

This C# example defines a static method GenerateSignature. It uses the System.Security.Cryptography.HMACSHA256 class to compute the hash from byte representations of the secret key and user ID, then formats the result as a lowercase hexadecimal string.

using System;
using System.Security.Cryptography;
using System.Text;

public static string GenerateSignature(string secretKey, string userId)
{
    var keyBytes = Encoding.UTF8.GetBytes(secretKey);
    var messageBytes = Encoding.UTF8.GetBytes(userId);

    using (var hmac = new HMACSHA256(keyBytes))
    {
        var hashBytes = hmac.ComputeHash(messageBytes);
        return BitConverter.ToString(hashBytes).Replace("-", "").ToLowerInvariant();
    }
}

// string userJotSecretKey = "YOUR_USERJOT_SECRET_KEY";
// string userId = "USER_UNIQUE_ID";
// string signature = GenerateSignature(userJotSecretKey, userId);
// Pass signature to your frontend

How It Works

Once the UserJot SDK is loaded (using the script from Step 2) and the user is identified (using the script from Step 3, with a valid signature if required), any UserJot links on that page (e.g., <a href="https://yourproject.userjot.com/">...</a> or <a href="https://feedback.yourdomain.com/">...</a>) will automatically include authentication information. When a user clicks such a link, they will be logged into your UserJot board as the identified user.