Overview
SSO lets you pass your website’s authenticated user identity to the chat widget. Users are automatically recognized without needing to log in again on the agent page. This enables:- Chat history persistence across sessions
- User memory (the agent remembers preferences)
- Skip login gates
- Subscriber tracking and analytics
How It Works
- You generate an SSO secret in your agent dashboard
- Your backend creates a signed JWT containing the user’s identity
- The widget passes the JWT to the agent page
- BoostGPT verifies the signature and auto-creates or links a subscriber
Setup
1. Generate an SSO Secret
- Go to your agent’s Deploy page
- Find the SSO Secret section under Chat Widget
- Click Generate
- Copy the secret — it’s only shown once
2. Sign a JWT on Your Backend
Use the secret to create a signed token containing the user’s identity.3. Pass the Token to the Widget
JWT Payload
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User’s email address |
name | string | No | Display name |
external_id | string | No | Your system’s user ID (for tracking) |
What Happens on Verification
When the widget loads with a valid SSO token:- BoostGPT verifies the JWT signature against your SSO secret
- If the user doesn’t exist in BoostGPT, an account is automatically created (pre-verified)
- A subscriber record is created for your agent’s project
- Free tier credits are granted if applicable
- The user is authenticated in the chat — history and memory work immediately
Security
- Never expose your SSO secret in browser code — always sign JWTs on your server
- Tokens expire after 1 hour — generate fresh tokens on each page load
- Regenerating the SSO secret invalidates all existing tokens immediately
- Invalid or expired tokens are silently ignored — the user continues as anonymous
- BoostGPT only accepts HS256 algorithm to prevent algorithm-switching attacks