Skip to main content
Signed identity connects a logged-in customer in your app to the same person in Glean Feed, so they can submit, vote, comment, and react without a separate portal sign-in. Skip it and the SDK continues with anonymous browsing.
The signature is created on your server with the workspace widget secret. Never ship the secret in an app binary, and never sign identities in the app. The SDK only forwards a signature you generate — it has no signing helper by design.

The flow

  1. Your app asks your backend for a signature for the current customer.
  2. Your app calls GleanFeed.identify(...) with that signature.
  3. Glean Feed verifies it and opens authenticated views for that customer.
identify throws a typed GleanFeedError on failure; handle the error and continue anonymously when appropriate. Call GleanFeed.logout() when the customer signs out of your app. It clears Glean Feed identity and stored SDK tokens, not your app’s authentication.

The signature (server-side)

Same contract as the web widget. If the customer has an email, trim and lowercase it, then sign this compact JSON array:
If the customer has no email, sign the workspace and user ID:
Use HMAC-SHA256 and return the lowercase hex digest.
Sign with the same userId you pass to identify. When email is present, sign its trimmed, lowercased form; Glean Feed applies that same canonicalization to the submitted email before verification.

Confirm identity

After identify returns successfully, present feedback and submit or vote as the test customer. In the Glean Feed dashboard, open the request and confirm the expected customer is attached. Then call GleanFeed.logout(), reopen the view, and confirm the SDK returns to signed-out portal behavior.