You can easily initiate user authentication before allowing users to comment by calling tp.pianoId.isUserValid(). This call returns a boolean and gives you the opportunity to check whether a user is logged in or not, as well as the capability to create conditionals around commenting privileges.
If you want to restrict access to commenting only to users that have a particular level of access or are subscribers, you can also leverage existing methods to check access (https://docs.piano.io/checking-access).
To retrieve the user info on the client side - use tp.pianoId.getUser(). If you need to validate the identity of the user - you can use tp.pianoId.getToken(), and validate the JWT signature of the token with the JWT verification shared secret that can be found in the Identity Management settings page in publisher dashboard.
Important note: The JWT verification shared secret is base64 encoded and needs to be decoded first before using it to verify the JWT token.
In JavaScript, you can for example use the atob() function.
A Python sample code for decoding the JWT verification shared secret can be found below:
import jwt
import base64
jwt.decode(token, base64.b64decode(secret), algorithms="HS256", audience="<Piano_AID>")
Based on the user access validation or user state you can then show or hide commenting as appropriate.