GitHub user dosubot[bot] added a comment to the discussion: The issue regarding obtaining an Embedded Token
When you access Superset via embedding with a guest_token, the "current visitor" is a special GuestUser created from the claims in that token. This user is authenticated, but is not a regular logged-in user or the anonymous Public user. Superset checks permissions for dashboards, charts, and datasets based on the resources listed in the guest_token and the permissions of the guest role (by default, the "Public" role, but configurable via `GUEST_ROLE_NAME`) [[code reference](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/guest_token.py)].

If you see "Forbidden" errors on API endpoints like `/api/v1/dashboard/10`, it means the guest_token does not include the required resource (dashboard, chart, or dataset), or the guest role does not have permission to access it.

To resolve this:

1. Make sure the guest_token includes the correct resources (dashboard, chart, dataset IDs) in its `resources` claim.
2. Ensure the guest role (usually "Public") has the necessary permissions to access those resources. You may need to adjust the role's permissions in Superset's security settings.
3. The dashboard must be published and configured for embedding, and the embedding domain must be allowed [[code reference](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/dashboards/filters.py)].

So, you should grant authorization to the guest user defined by the guest_token—by both including the right resources in the token and ensuring the guest role has access to those resources. If either is missing, Superset will return a 403 Forbidden error [[code reference](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py)].

GitHub link: https://github.com/apache/superset/discussions/35670#discussioncomment-14695540
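A way to check the token side of the 403 described in the comment above (an added example, not part of the original comment and not Superset's own code): decode the guest_token payload and confirm its `resources` claim lists the dashboard. The `type`/`id` entry layout, the `exp` claim and the helper names are assumptions; the signature is not verified, so this is for diagnosis only and says nothing about the guest role's permissions.

```python
import base64
import json
import time


def decode_claims(token):
    """Return the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, dashboard_ref, now=None):
    """List token-side reasons a request for dashboard_ref would be refused."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    exp = claims.get("exp")  # assumed standard JWT expiry claim
    if exp is not None and exp <= now:
        problems.append("token expired")
    resources = claims.get("resources")
    if not isinstance(resources, list) or not resources:
        problems.append("no resources claim")
        return problems
    # Assumed entry shape: {"type": "dashboard", "id": "<id or embed uuid>"}
    ids = {str(r.get("id")) for r in resources
           if isinstance(r, dict) and r.get("type") == "dashboard"}
    if str(dashboard_ref) not in ids:
        problems.append(
            f"dashboard {dashboard_ref} not in resources (token lists: {sorted(ids)})")
    return problems


def constructed_token(claims):
    """Build a constructed sample token for the demo; the signature is a dummy."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: token grants dashboard 7, request is for dashboard 10.
    sample = constructed_token({"user": {"username": "viewer"},
                                "resources": [{"type": "dashboard", "id": "7"}],
                                "exp": 4102444800})
    print(diagnose(sample, "10"))
```

An empty list means the token itself looks fine, which points to the guest role's permissions or the embedding configuration instead.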
