GitHub user dosubot[bot] added a comment to the discussion: Is there an existing method to refresh the embedded dashboard guest token?
<!-- Answer --> Yes — the `superset-embedded-sdk` has **built-in automatic token refresh**. You don't need to manually handle token expiry or cookie replacement. When you call `embedDashboard()`, the `fetchGuestToken` callback you provide is not just used once — the SDK automatically re-invokes it before the token expires and sends the fresh token to the iframe [[1]](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset-embedded-sdk/src/index.ts#L224-L230). It calculates refresh timing by decoding the JWT's `exp` claim and scheduling a refresh ~5 seconds before expiry [[2]](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset-embedded-sdk/src/guestTokenRefresh.ts#L26-L33). So your setup should look something like: ```javascript embedDashboard({ fetchGuestToken: () => fetch('/your-backend/guest-token').then(r => r.text()), // ... other options }); ``` Your backend endpoint calls Superset's `/api/v1/security/guest_token/` API to generate a fresh token each time. After that, the SDK handles everything — you can keep the 5-minute default expiry and it will seamlessly refresh before each expiration. If you're seeing 403/404 errors and login redirects, it likely means either: 1. Your `fetchGuestToken` callback isn't returning a valid fresh token on subsequent calls (e.g., it's returning a cached/stale token rather than fetching a new one each time). 2. You're not using the official embedded SDK and are instead loading the dashboard in a plain iframe without the SDK's token management. If you're embedding via the SDK and still hitting issues, double-check that your `fetchGuestToken` function actually makes a fresh API call each time it's invoked rather than returning a previously cached token. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=reply-with-mention&utm_term=apache%2Fsuperset).* --- Share context across your team and agents. Try [Dosu](https://dosu.dev?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-tagline&utm_term=apache%2Fsuperset). [](https://app.dosu.dev/response-feedback?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-feedback&utm_term=apache%2Fsuperset&message_id=3afa5d86-49b8-4fe6-b7b0-6644fe3723c2) [](https://github.dosu.com/apache/superset?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-learn-repo&utm_term=apache%2Fsuperset) [](https://app.dosu.dev/signup?referrer=openSource&source=github-footer&utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-add-team&utm_term=apache%2Fsuperset) GitHub link: https://github.com/apache/superset/discussions/39966#discussioncomment-16853365 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
