Bypassing logon screen using Token created with API

I’ve successfully embedded a dashboard in an IFRAME using the JWT stuff. All working really well.
What I want to add now is the ability for the user to explore the data further (filter by clicking values etc). To do this, I’ve created a guest user account. I can use the REST API to generate a logon token, but I can’t find a way to pass this to the main application.
Idealy, I’d like to redirect the user using something like:

Can this be done? Is there an alternative way to bypass the login screen?

Although, I haven’t tried this - but looks like if you can set the token as the ‘metabase.SESSION_ID’ in cookies on the domain it should work.