Lau08 commented on issue #25870: URL: https://github.com/apache/superset/issues/25870#issuecomment-3167684324
> [@Lau08](https://github.com/Lau08) Can you tell me what SUPERSET_GUEST_SECRE is and where it is obtained?

Your backend receives a request from your web app asking to view an embedded dashboard. It uses `SUPERSET_GUEST_SECRET` to create a signed guest token for that specific user and dashboard. Superset verifies the signature with the same secret before granting access. It ensures only requests created by your backend can generate valid guest tokens, preventing unauthorized access.

This secret can be any string, like a GUID, that is going to be defined in `superset_config.py`, something like this: `GUEST_TOKEN_JWT_SECRET = "your-secret-here"` or the GUID you generate, and the same is used here: `const token = encodeJwt(payload, SUPERSET_GUEST_SECRET);` where `SUPERSET_GUEST_SECRET` is the private key used by encodeJwt to sign the payload, creating a token that Superset can verify to confirm the request is genuine.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
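The sign-then-verify flow described in the comment above, as an added example that is not part of the original comment and is not Superset's own code. It assumes an HS256 JWT; `signGuestToken`, `verifyGuestToken`, the payload fields and the secret value are constructed for illustration.

```javascript
// Added example: HS256 guest-token signing and verification with Node's built-in crypto.
const crypto = require("node:crypto");

const b64url = (input) => Buffer.from(input).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Backend side: sign the payload with the shared secret (the role encodeJwt plays in the comment).
function signGuestToken(payload, secret) {
  const signingInput = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(signingInput, secret).toString("base64url")}`;
}

// Verifier side: recompute the HMAC with the same secret, compare in constant time, then check expiry.
function verifyGuestToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { valid: false, reason: "malformed" };
  const [header, body, sig] = parts;
  let alg;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url").toString("utf8")).alg;
  } catch {
    return { valid: false, reason: "malformed" };
  }
  // Pin the algorithm: never let the token choose "none" or another scheme.
  if (alg !== "HS256") return { valid: false, reason: "unexpected algorithm" };
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { valid: false, reason: "bad signature" };
  }
  const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) return { valid: false, reason: "expired" };
  return { valid: true, payload };
}

// Constructed sample data: a fixed clock, a demo secret and an assumed payload shape.
function demo() {
  const secret = "constructed-demo-secret-not-for-production";
  const now = 1700000000;
  const payload = { user: { username: "viewer-42" }, resources: [{ type: "dashboard", id: "dash-A" }], iat: now, exp: now + 300 };
  const token = signGuestToken(payload, secret);
  const [h, , s] = token.split(".");
  const editedBody = b64url(JSON.stringify({ ...payload, resources: [{ type: "dashboard", id: "dash-B" }] }));
  return {
    genuine: verifyGuestToken(token, secret, now + 10),
    edited: verifyGuestToken(`${h}.${editedBody}.${s}`, secret, now + 10), // body changed, old signature
    otherSecret: verifyGuestToken(signGuestToken(payload, "some-other-secret"), secret, now + 10),
    expired: verifyGuestToken(token, secret, now + 301),
  };
}
```

Because anyone holding the secret can mint tokens, keep it only on the backend and in `superset_config.py`, and generate it from a cryptographically secure random source.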