Participant Auto Authentication

If your program is configured to have participants login/authenticate, you can set up Participant Auto Authentication to automatically log participants into their browser.

Set up the client

Step 1: Require participants to login/authenticate within the Program Editor

Step 2: Generate a new Participant Auth Secret

Step 3: Copy your unique Participant Auth Secret (to use for later in the Setting up the server instructions).

Your Participant Auth Secret holds privileges, so be sure to keep it secure! Do not share your Participant Auth Secret in publicly accessible areas such as GitHub, Bitbucket, client code, etc.

Step 4: Go to the final instructions page within the Program Editor to copy the new GrowSurf Universal Code.

Once your program has a Participant Auth Secret, the installation instructions will be updated and you will need to re-install a newly generated GrowSurf Universal Code snippet.

This new GrowSurf Universal Code snippet contains a new window.grsfConfig Object. Remember to replace two values: (1) set email as the participant's email address, and (2) set hash as the value you receive from setting up the server. See the example code block below:

<script type="text/javascript">
  window.grsfConfig = {
    email: "[email protected]", // Replace this with the participant's email address
    hash: "HASH_VALUE" // Replace this with the SHA-256 HMAC value
  };

  (function(g,r,s,f){g.growsurf={};g.grsfSettings={campaignId:"k1o87e",version:"2.0.0"};s=r.getElementsByTagName("head")[0];f=r.createElement("script");f.async=1;f.src="http://localhost:3000/static/growsurf.js"+"?v="+g.grsfSettings.version;f.setAttribute("grsf-campaign", g.grsfSettings.campaignId);!g.grsfInit?s.appendChild(f):"";})(window,document);
</script>

Set up the server

On your server, you will need to create a Hash-based message authentication code (HMAC).

Step 1: Implement SHA-256 HMAC, passing in the following values:

The Participant Auth Secret (from Step 3 of the Setting up the client section)
The participant's email address

Below is an example of the HMAC implementation in Node.js:

require("crypto")
  .createHmac("sha256", "<YOUR_SECRET>")
  .update("[email protected]")
  .digest("hex");

Testing

Test your Participant Auto Authentication implementation by going to the URL in which you have installed GrowSurf.

Then load or refresh the page. If successful, you should be authenticated as a participant.

Below are additional references that may be helpful:

JavaScript Web API method growsurf.init()
Single Page Applications

Last updated 29 days ago

Was this helpful?

hashtagSet up the client

hashtagSet up the server

hashtagTesting

Set up the client

Set up the server

Testing