GitHub user dosubot[bot] added a comment to the discussion: How to obtain
guest_token for embedded-sdk after integrating Azure OAUTH?
<!-- Answer -->
To obtain a guest token for the embedded SDK after integrating Azure OAUTH when
deploying Superset using a helm chart, you need to make an authenticated HTTP
`POST` request to the `/security/guest_token` endpoint. The request must
include parameters that define the access granted by the guest token. Ensure
that the agent making the request has the `can_grant_guest_token` permission.
Here is an example of the `POST /security/guest_token` payload:
```json
{
"user": {
"username": "stan_lee",
"first_name": "Stan",
"last_name": "Lee"
},
"resources": [{
"type": "dashboard",
"id": "abc123"
}],
"rls": [
{ "clause": "publisher = 'Nintendo'" }
]
}
```
Alternatively, you can create a guest token directly in your app by
constructing a JSON object and signing it with the secret set in the
configuration variable `GUEST_TOKEN_JWT_SECRET`. Here is an example JSON:
```json
{
"user": {
"username": "embed...@embedded.fr",
"first_name": "embedded",
"last_name": "embedded"
},
"resources": [
{
"type": "dashboard",
"id": "d73e7841-9342-4afd-8e29-b4a416a2498c"
}
],
"rls_rules": [],
"iat": 1730883214,
"exp": 1732956814,
"aud": "superset",
"type": "guest"
}
```
Ensure that the JSON is signed with the `GUEST_TOKEN_JWT_SECRET` to create a
valid guest token.
Additionally, when embedding a Superset dashboard using the embedded SDK, you
can define a function to fetch the guest token from your Host App's backend
server. This function should return a promise that resolves to the guest token
string. The `embedDashboard` function in the SDK will use this function to
obtain and refresh the guest token as needed
<sup>[[1]](https://github.com/apache/superset/blob/master/superset-embedded-sdk/README.md)</sup><sup>[[2]](https://github.com/apache/superset/blob/master/superset-embedded-sdk/src/index.ts)</sup>.
I also found a similar discussion thread that might be helpful: [How to obtain
guest_token for embedded-sdk after integrating Azure
OAUTH?](https://github.com/apache/superset/discussions/33052)
<sup>[[3]](https://github.com/apache/superset/discussions/33052)</sup>.
<!-- Dosu Comment Footer -->
*To continue talking to [Dosu](https://dosu.dev), mention @dosu.*
---
<sup>Help Dosu learn! Give it feedback: [Great
Response](https://app.dosu.dev/response-feedback/e00b6d80-4016-4ee4-8440-93979fae62c6?feedback_type=great_response)
| [Irrelevant
Answer](https://app.dosu.dev/response-feedback/e00b6d80-4016-4ee4-8440-93979fae62c6?feedback_type=irrelevant_answer)
| [Incorrect
Sources](https://app.dosu.dev/response-feedback/e00b6d80-4016-4ee4-8440-93979fae62c6?feedback_type=incorrect_sources)
| [Too
Verbose](https://app.dosu.dev/response-feedback/e00b6d80-4016-4ee4-8440-93979fae62c6?feedback_type=too_verbose)
|
[Hallucination](https://app.dosu.dev/response-feedback/e00b6d80-4016-4ee4-8440-93979fae62c6?feedback_type=hallucination)
| [Bug
Report](https://app.dosu.dev/response-feedback/e00b6d80-4016-4ee4-8440-93979fae62c6?feedback_type=bug_report)
|
[Other](https://app.dosu.dev/response-feedback/e00b6d80-4016-4ee4-8440-93979fae62c6?feedback_type=other)</sup>
GitHub link:
https://github.com/apache/superset/discussions/33065#discussioncomment-12782150
----
This is an automatically sent email for notifications@superset.apache.org.
To unsubscribe, please send an email to:
notifications-unsubscr...@superset.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org
