dosubot[bot] commented on issue #35261: URL: https://github.com/apache/superset/issues/35261#issuecomment-3326683905
Hi @natasha-tc! I'm [Dosu](https://go.dosu.dev/dosubot) and I'm helping the superset team.

This is a known issue with the @superset-ui/embedded-sdk: after a dashboard is unmounted, the SDK continues to call fetchGuestToken every few minutes because the unmount() method does not cancel the internal timers for token refresh. This leads to repeated token refresh attempts and "Insufficient Permissions" errors if the user is logged out or their session has ended. There is currently no built-in way to stop these calls after unmounting, which can cause multiple parallel errors if several dashboards are embedded at once [[source](https://github.com/apache/superset/issues/34529)].

Guest tokens are short-lived JWTs (default 5 minutes, configurable via GUEST_TOKEN_JWT_EXP_SECONDS), and Superset enforces permissions on every request. If a token expires or the session is invalid, refresh attempts will fail and trigger permission errors [[source](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py)].

To mitigate this until the SDK is fixed:

- Make sure to call unmount() on the dashboard when the embedding component is destroyed, but be aware this does not stop token refresh timers.
- Consider implementing additional logic in your integration to track user session/logout state and prevent further embed attempts or suppress repeated error popups after logout.
- Review your backend and dashboard configuration to ensure guest tokens are correctly scoped and have appropriate expiration settings [[source](https://github.com/apache/superset/discussions/33912)].

If you need to reduce the frequency of these errors, you can lower the guest token expiration time (GUEST_TOKEN_JWT_EXP_SECONDS) so tokens expire and refresh less often, but this is a tradeoff with user experience.

There is currently no official workaround in the SDK for this cleanup issue, so monitoring for SDK updates or contributing a fix may be necessary.
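One way to implement the session-tracking mitigation suggested in the comment above, as an added example that is not part of the original comment or of the SDK: the host application wraps the callback it passes as `fetchGuestToken`, so refresh timers that survive `unmount()` fail locally instead of requesting new guest tokens after logout. `createGuardedTokenFetcher`, `dispose` and the fake backend are hypothetical names, and how the SDK reacts to a rejected `fetchGuestToken` promise is an assumption not covered on the page.

```javascript
// Added example, not SDK code. Wraps the fetchGuestToken callback given to
// embedDashboard() so leftover refresh timers cannot reach the backend.
function createGuardedTokenFetcher(fetchToken) {
  let active = true;
  let suppressed = 0;

  async function fetchGuestToken() {
    if (!active) {
      suppressed += 1;
      // Fail locally: no network request, no server-side permission error.
      throw new Error('embed disposed: guest token refresh suppressed');
    }
    const token = await fetchToken();
    // Logout may have happened while the request was in flight; do not
    // hand a fresh token to an embed that should no longer be live.
    if (!active) {
      suppressed += 1;
      throw new Error('embed disposed: guest token discarded');
    }
    return token;
  }

  return {
    fetchGuestToken,                    // pass this as the fetchGuestToken option
    dispose() { active = false; },      // call on logout and next to unmount()
    suppressedCount: () => suppressed,  // useful for client-side telemetry
  };
}

// Constructed demo: a fake backend stands in for the host app's token endpoint.
async function runDemo() {
  let backendCalls = 0;
  const fakeBackend = async () => {
    backendCalls += 1;
    return `constructed-guest-token-${backendCalls}`;
  };
  const guard = createGuardedTokenFetcher(fakeBackend);

  const first = await guard.fetchGuestToken(); // initial embed
  guard.dispose();                             // user logs out, dashboard unmounted
  let lateError = null;
  try {
    await guard.fetchGuestToken();             // what a leftover timer would do
  } catch (err) {
    lateError = err.message;
  }
  return { first, backendCalls, lateError, suppressed: guard.suppressedCount() };
}
```

Create one guard per embedded dashboard and call its `dispose()` in the same teardown path that calls `unmount()`, as well as in the logout handler.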
