Design pillar: identity state machine (HMAC/JWT first-class, no session leaks)

Identity is the second-most-reported failure class across competitors — stale users, HMAC rejections, session leaks across logins, custom attributes dropped silently.

## Evidence

- \`devrnt/react-use-intercom#820\` — "Add support for \`auth_tokens\` in boot/update" https://github.com/devrnt/react-use-intercom/issues/820
- \`devrnt/react-use-intercom#813\` — "Support for \`intercom_user_jwt\` prop" (workaround stuffs JWT into \`customAttributes\`) https://github.com/devrnt/react-use-intercom/issues/813
- \`devrnt/react-use-intercom#668\` — "User Hash Property / Formatting" https://github.com/devrnt/react-use-intercom/issues/668
- \`devrnt/react-use-intercom#805\` — "user_id and company_id being removed in user payload" https://github.com/devrnt/react-use-intercom/issues/805
- \`devrnt/react-use-intercom#563\` — "Running \`boot(IntercomProps)\` results in unknown user" https://github.com/devrnt/react-use-intercom/issues/563
- \`nhagen/react-intercom#61\` — "Support for \`user_hash\` for Identity Verification" https://github.com/nhagen/react-intercom/issues/61
- \`crisp-im/crisp-sdk-web#32\` — "Session reset and tokenId set not consistent" https://github.com/crisp-im/crisp-sdk-web/issues/32
- \`crisp-im/crisp-sdk-web#19\` — "Impossible de changer de tokenId sans recharger la page" https://github.com/crisp-im/crisp-sdk-web/issues/19
- \`crisp-im/crisp-sdk-web#49\` — "Crisp Session Continuity not working" https://github.com/crisp-im/crisp-sdk-web/issues/49
- \`crisp-im/crisp-sdk-web#51\` — "setCompany does not include geolocation in payload" https://github.com/crisp-im/crisp-sdk-web/issues/51
- \`multivoltage/react-use-zendesk#89\` — "Login Callback Not Exposed for Error Handling" (JWT refresh flow) https://github.com/multivoltage/react-use-zendesk/issues/89
- \`chatwoot/chatwoot#7065\` — "setUser not work anymore" https://github.com/chatwoot/chatwoot/issues/7065
- \`chatwoot/chatwoot#13448\` — "setUser() does not update existing contact fields" https://github.com/chatwoot/chatwoot/issues/13448
- \`chatwoot/chatwoot#3458\` — "setCustomAttributes fails due to HMAC failed error" https://github.com/chatwoot/chatwoot/issues/3458

## Unified identity model

\`\`\`ts
identify({
  id: string
  email?: string
  name?: string
  phone?: string
  // Typed verification — per-provider discriminated union
  verification?:
    | { kind: "hmac"; hash: string }          // Intercom, Chatwoot, Beacon, Gist
    | { kind: "jwt"; token: string }          // Drift, Freshchat
    | { kind: "callback"; getToken: () => Promise<string> }  // Zendesk Messenger
}): Promise<IdentityState>
\`\`\`

### Rules

1. State machine: \`anonymous → identified(u1) → identified(u2) → anonymous\`. Every transition (a) calls provider-specific reset (b) verifies window object cleared (c) emits \`onIdentityChange\`.
2. \`identify()\` returns a \`Promise\` that resolves only when the next ping confirms the new identity.
3. Provider config flag \`enforceVerification: true\` makes \`verification\` required at the type level. Missing ⇒ compile error.
4. Never compute HMACs in the browser. Document that \`hash\` must come from your server.
5. For callback-based flows (Zendesk), invoke \`getToken\` on 401 refresh.
6. Expose \`onIdentityChange((prev, next) => …)\` so consumers can mirror into their analytics.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Design pillar: identity state machine (HMAC/JWT first-class, no session leaks) #4

Evidence

Unified identity model

Rules

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Design pillar: identity state machine (HMAC/JWT first-class, no session leaks) #4

Description

Evidence

Unified identity model

Rules

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions