GitHub user stgztsw added a comment to the discussion: The issue regarding obtaining an Embedded Token
> You only need to include the dashboard ID in the `resources` field when creating a guest token for embedding. Superset automatically grants access to the charts and datasets associated with that dashboard—there’s no need to list chart or dataset IDs explicitly. If you add or replace charts in the dashboard, you do not need to update the guest token as long as the dashboard ID stays the same. This makes embedding much easier to maintain, even as dashboards change frequently. For best security, use a limited role (like `gamma`) for guest users, and make sure your dashboard is published and embedding is configured correctly.
>
> [Reference](https://github.com/apache/superset/issues/26201)
> [Reference](https://github.com/apache/superset-embedded-sdk/README.md)

@dosu

1. I defined a viewer role and granted the permissions below:

   - can read on Chart
   - can read on Dataset
   - can read on Dashboard
   - can read on Database
   - can read on SavedQuery
   - can read on Embedded Dashboard
   - can read on Query

   <img width="2378" height="716" alt="image" src="https://github.com/user-attachments/assets/d4e6c678-9e7d-4ac9-ba8a-b98fa12e8b27" />

2. Request the guest_token, claiming the roles as viewer:

```js
const axios = require('axios');

// The enclosing function's signature was not included in the post;
// the name and parameters here are assumed.
async function getGuestToken(dashboardId, accessToken, csrfToken) {
  // Ask Superset for a guest token scoped to a single dashboard.
  const token = await axios.post('http://172.19.145.51:8088/api/v1/security/guest_token/', {
    "resources": [{ "type": "dashboard", "id": dashboardId }],
    "user": { "username": "test" },
    "roles": ["Viewer"],
    "rls": []
  }, {
    headers: {
      // Authenticate the request with the access token and CSRF token.
      'Authorization': `Bearer ${accessToken}`,
      'X-CSRFToken': csrfToken,
    },
    withCredentials: true,
    token: accessToken,
    csrfToken: csrfToken,
  });
  console.log(token);
  return token?.data.token;
}
```

3. Access the embedded Superset report, and still get 403 Forbidden for these URLs:

   - http://172.19.145.51:8088/api/v1/dashboard/10
   - http://172.19.145.51:8088/api/v1/dashboard/10/charts
   - http://172.19.145.51:8088/api/v1/dashboard/10/datasets

So what's wrong in my process?

GitHub link: https://github.com/apache/superset/discussions/35670#discussioncomment-14696614
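
A diagnostic sketch for the 403 case discussed above, added here and not part of the original thread or of Superset's code: it decodes a guest token's payload and checks that the dashboard is listed in `resources` and that the token has not expired, which separates a token-scope problem from a role-permission problem. It assumes the guest token is a JWT carrying `resources`, `user` and `exp` claims; the function names and the sample token are constructed for illustration.

```javascript
// Assumption: the guest token is a JWT with `resources`, `user` and `exp` claims.
// This decodes the payload for diagnosis only; it does not verify the signature.

function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    throw new Error('not a three-part JWT');
  }
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

function checkGuestToken(token, dashboardId, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const problems = [];

  // The dashboard being embedded must appear in the token's resources.
  const resources = Array.isArray(claims.resources) ? claims.resources : [];
  const covered = resources.some(
    (r) => r.type === 'dashboard' && String(r.id) === String(dashboardId)
  );
  if (!covered) problems.push(`dashboard ${dashboardId} is not in resources`);

  // Guest tokens are short-lived; an expired one is rejected by the server.
  if (typeof claims.exp !== 'number') problems.push('no exp claim');
  else if (claims.exp <= nowSeconds) problems.push('token expired');

  if (!claims.user || !claims.user.username) problems.push('no user.username claim');
  return { ok: problems.length === 0, problems, claims };
}

// Constructed sample token with a placeholder signature, so this runs offline.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const sample = makeSampleToken({
  user: { username: 'test' },
  resources: [{ type: 'dashboard', id: '10' }],
  rls_rules: [],
  exp: 2000000000,
});

console.log(checkGuestToken(sample, 10, 1900000000));
console.log(checkGuestToken(sample, 11, 2100000000).problems);
```

If the token passes these checks and the API still answers 403, the remaining place to look is the permission set of the role Superset applies to guest users.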
