Metabase: I'm embedding this way

As discussed in the post (Embedded dashboard security) see how I’m working: In figure 01, it shows the configuration of the incorporation of the dashboard, in figure 02, by clicking the right button and displaying the source code of the frame, you can see the coded URL (shown in figure 03). I copy this URL and put it in my application inside an iframe and that’s it. Can I work this way?

This way I’m embedding the dashboard in my application. However, it does not ask for any authentication, only the authentication that is already built for the application.

The entire point is that your app should generate the token and then you should set the expiration, so the token is only valid for a few seconds - or whatever seems enough for your application.
Within that expiration period, anyone with that token can access data.

What language is your app coded in?

It is coded in JAVA for web, we use the ZK framework.


In Figure 01, the token generation code is in Node.js, but I do not see the expiration time of it. Or is this just a sample code?

That is just sample code. You can change to other samples by clicking the dropdown.
You need to generate the token - not using the sample token.
And there is a sample with expiration in #8111
There’s probably a JWT library for Java, so search for that.

Hi @flamber, bom dia!

If I choose to use this sample token, it does not have a lifetime, right? So, will it behave like a public share?

You should never use the token generated from the sample.
A token is like a password, so if you use the sample token, then all users will be using the same “password”.
Then you might as well just use Public Sharing.