shenrie commented on issue #17187: URL: https://github.com/apache/superset/issues/17187#issuecomment-1152816578
@suddjian I am curious about this new embedded feature. Does it require that all users are precreated on the SS application before a dashboard can be accessed from an iframe in the host app? I have successfully embedded SS reports in our app using standard OAuth SSO. I had to write some custom python code in the values.yaml which the helm install injects into superset_config.py, but after that it works like a charm and does not require the user to be precreated in SS or to login to view reports. I use a shared OAuth service provider, Keycloak in my case, which our app uses to request the JWT access token and operates no differently than when using Google or some other authentication provider to provide SSO. I simply have to pass the signed JWT as an access token parameter with each dashboard URL request, which of course contain the user's scoped info and appropriate roles, and our dashboards are configured with using the SS dashboard role-based access feature. New users are created on the fly and SS roles are updated from the JWT token as needed, so very minimal ongoing coordination needed between our app and the SS app as our user base grows. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
