GitHub user LiamTorrelli added a comment to the discussion: Mixing Jmix Superset add-on embedded dashboards (guest token) with full Superset UI iframe (SSO) causes redirect to login
Same nightmare here. User logs into our app through Keycloak, opens an embedded chart with a guest token, then bookmarks Superset directly — session gone, login wall. You're running two auth systems in one browser tab. The guest JWT is a separate anonymous session inside the iframe. It doesn't ride your app's SSO. They step on each other's cookies. Band-aid that helped short-term: isolate Superset on its own subdomain and tighten cookie scoping. What actually fixed it for us was leaving iframe mode. I collected every auth failure I've hit in production, including this thread: https://drafted.work/blog/superset-iframe-embedding-problems Guest-token plumbing (mint path, RLS injection, config switches): https://drafted.work/blog/superset-embedded-sdk-guest-tokens GitHub link: https://github.com/apache/superset/discussions/35231#discussioncomment-17393163 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
