damodhar-admin commented on issue #36377:
URL: https://github.com/apache/superset/issues/36377#issuecomment-3605348769
I have one clarification:
Is the backend token endpoint mandatory in order to use the Embedded SDK?
From what I understood, the SDK requires a valid guest token (JWT) that is
signed using the GUEST_TOKEN_JWT_SECRET, and Superset will not generate this
token by itself.
If this is correct, then I need to generate the guest token from my backend
application (Next.js).
In that case, can you please confirm if this is the required approach:
1. Create a backend API endpoint to generate guest tokens

For example, in Next.js:

    // /api/superset-token
    import jwt from "jsonwebtoken";

    export default function handler(req, res) {
      const payload = {
        user: { username: "viewer" },
        resources: [{ type: "dashboard", id: "<dashboard_id>" }],
        rls: [],
        type: "guest",
        aud: "superset",
      };
      const token = jwt.sign(
        payload,
        process.env.SUPERSET_SECRET, // Same as GUEST_TOKEN_JWT_SECRET
        { algorithm: "HS256", expiresIn: "10m" }
      );
      res.status(200).send(token);
    }

2. Pass this token to the Embedded SDK

    fetchGuestToken: () =>
      fetch("/api/superset-token").then((res) => res.text()),

3. Superset validates the token and loads the dashboard in read-only mode

Please confirm if this backend token endpoint is indeed required and whether
this implementation aligns with Superset’s recommended approach for embedded
dashboards.
Thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
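
For the token endpoint sketched in the comment above, the security-relevant part is what the backend checks before it signs. This is an added example, not code from the comment or from Superset. It assumes a hypothetical `session` object with an integer `tenantId`, a constructed tenant-to-dashboard map, a `tenant_id` column, and `{ clause }` as the shape of an `rls` entry.

```javascript
const crypto = require("node:crypto");

// Constructed sample data (hypothetical): dashboards each tenant may embed.
const DASHBOARDS_BY_TENANT = { 7: ["sales-overview"], 9: ["ops-overview"] };

function hmac(data, secret) {
  return crypto.createHmac("sha256", secret).update(data).digest();
}

function signHS256(payload, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const signingInput = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}`;
  return `${signingInput}.${hmac(signingInput, secret).toString("base64url")}`;
}

// session must come from the app's own server-side login state, never from the request body.
function mintGuestToken(session, dashboardId, secret, now = Math.floor(Date.now() / 1000)) {
  if (!session || !Number.isInteger(session.tenantId)) throw new Error("unauthenticated");
  const allowed = DASHBOARDS_BY_TENANT[session.tenantId] || [];
  if (!allowed.includes(dashboardId)) throw new Error("forbidden dashboard");
  return signHS256({
    user: { username: `tenant-${session.tenantId}-viewer` },
    resources: [{ type: "dashboard", id: dashboardId }],
    rls: [{ clause: `tenant_id = ${session.tenantId}` }], // integer-checked above; assumed entry shape
    type: "guest",
    aud: "superset",
    iat: now,
    exp: now + 600, // 10 minutes, matching the comment's expiresIn
  }, secret);
}

// What a receiver has to check: constant-time MAC comparison, then type, audience and expiry.
function verifyGuestToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const [head, body, sig] = token.split(".");
  const given = Buffer.from(sig || "", "base64url");
  const expected = hmac(`${head}.${body}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.type !== "guest" || claims.aud !== "superset" || claims.exp <= now) return null;
  return claims;
}
```

The dashboard id and the row-level filter are both derived from the authenticated session, so a caller cannot obtain a token for another tenant's dashboard or data by changing a request parameter.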