Skip to main content
Skip table of contents

Get Details about the Logged-in User

To complete this step, you'll fill out the loggedInDataFn to get details about the logged-in user. When a user comes from an email, we use this function to make sure the user who came from the email is the same as the one who is logged in (if anyone is logged in at all).

If your site uses profile attributes, you can pass profile attributes for the user, which allows us to pre-populate the review form with the user's data.


  1. Familiarize yourself with the function reference for this step, which covers the loggedInDataFn and loggedInDataFnDone functions.

  2. Inside the loggedInDataFn function, add code to check the user's logged-in status.

  3. If the user is logged in, generate the loggedInData, which is a JWT token you'll need to compute on the server side using your site's authKey. The authKey is available in your site's settings area.

    For details on the contents of the loggedInData, see the function reference for loggedInDataFnDone.

    If the user is not logged in, the value of loggedInData should be null.

  4. From the PDP, make a callback to the loggedInDataFnDone function with the loggedInData.
    (info) Confirm that if the user is not logged in, the value of loggedInData is null.
    The callback looks like this:

    TurnToCmd('loggedInDataFnDone', { context: contextObj, loggedInData: data });

When you're done with this step, the loggedInDataFnDone function might be structured something like this:

var turnToConfig = {
    sso: {
        loggedInDataFn: function(contextObj){
          if (isUserLoggedIn) {
            // call an endpoint on your site that will provide the logged-in data
            $.get( "user/sso/loggedInData", function( data ) {
              // callback to Emplifi with result
              TurnToCmd('loggedInDataFnDone', { context: contextObj, loggedInData: data });
          } else {            
            // if the user is not logged in, there still needs to be a call back to Emplifi.
            // in this case the loggedInData should be "null".
            TurnToCmd('loggedInDataFnDone', { context: contextObj, loggedInData: null });

Examples and function reference

loggedInData generation example

Here is an example implementation of a server-side call to retrieve user data and generate the JWT loggedInData. The key used in the example is aaa-aaa. In a real implementation, it would be your site's authKey. This example is in PHP, but you are free to use Java or C# or whatever backend language your site uses on the server side.

loggedInData generation example
* Check for logged in user in session. If set and valid, regenerate user token and send response to browser
function getLoggedInData() {
   if (array_key_exists('user', $_SESSION)) {
       $user = unserialize($_SESSION['user']);

       if ($user->isLoggedIn()) {
           // user token should be refreshed to get new expiration time.
           $userData = array (
               'pa' => array ( 
                   '{"name": "profile_text_field", "value": "Free text about '. $user->firstName . '"}'
               'iss' => 'Emplifi',
               'exp' => time() + 86400,
               'ua' => $user->userAuthToken,
               'e' => $user->emailAddress

           return JWT::encode($userData, 'aaa-aaa', 'HS256');
       } else {
           return null;


This function is called by Emplifi code to retrieve details about a user who is currently logged in on your site. The operation is handled asynchronously, so this function does not have a return value. When a result is ready, your code makes a callback to the loggedInDataFnDone function.




Encrypted state of the user's in-progress action at the time SSO verification or login was triggered. This data should be included in the callback unaltered.

Technical Details: The contextObj is encoded in Base-64. Although it should not be modified, if you need more information you can decode it to read the following fields:

  • sku: the product SKU relevant to the request for logged-in profile data. This will typically be the SKU from the Product Detail Page that the user is browsing.

  • rating: if the logged-in data request was triggered by a click on a star-rating in order to start a product review, this contains the rating value (1-5) that was selected. Otherwise this field will not be present.

Return value

There is no return value.


This function is called by your code when user data for the currently logged-in user has been retrieved. This data can also pre-populate the user's profile data in a review form. The function is provided for your use via the TurnToCmd object.



loggedInData (String)

A JWT token generated by your site. If the current user is not logged-in, the value of loggedInData should be null. If the user is logged-in, the token will contain the following data formatted as an encrypted JSON String:

  • ua: user auth token -- a String that uniquely identifies the user on your site. This will be used as a key to synchronize the user's data between your site and Emplifi Ratings & Reviews.

    • Required.

    • Maximum length: 255 characters.

  • pa: profile attributes -- a JSON array of profile attribute objects, each with a "name" and "value" property. If the user does not have any profile attributes stored by your site, pa can be omitted.

    • Optional.

    • Maximum length: 1024 characters.

  • iss: issuer -- a String with the value "TurnTo".

    • Required.

  • exp: expiration -- a timestamp, in seconds, indicating when the token expires.

    • Required.

  • e: email -- the user's email address as a String.

    • Optional, but strongly recommended.

    • Maximum length: 255 characters.

context (String)

The encrypted data passed to loggedInDataFn as the contextObj argument. This should not be altered by your code.

Return value

There is no return value.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.