Metabase: I'm embedding this way

Lourival · April 23, 2019, 7:53pm

As discussed in the post (Embedded dashboard security) see how I’m working: In figure 01, it shows the configuration of the incorporation of the dashboard, in figure 02, by clicking the right button and displaying the source code of the frame, you can see the coded URL (shown in figure 03). I copy this URL and put it in my application inside an iframe and that’s it. Can I work this way?

This way I’m embedding the dashboard in my application. However, it does not ask for any authentication, only the authentication that is already built for the application.

flamber · April 23, 2019, 8:00pm

@Lourival
The entire point is that your app should generate the token and then you should set the expiration, so the token is only valid for a few seconds - or whatever seems enough for your application.
Within that expiration period, anyone with that token can access data.

What language is your app coded in?

Lourival · April 23, 2019, 8:29pm

It is coded in JAVA for web, we use the ZK framework.

Lourival · April 23, 2019, 8:33pm

@flamber,

In Figure 01, the token generation code is in Node.js, but I do not see the expiration time of it. Or is this just a sample code?

flamber · April 23, 2019, 8:36pm

That is just sample code. You can change to other samples by clicking the dropdown.
You need to generate the token - not using the sample token.
And there is a sample with expiration in #8111
There’s probably a JWT library for Java, so search for that.

Lourival · April 24, 2019, 1:17pm

Hi @flamber, bom dia!

If I choose to use this sample token, it does not have a lifetime, right? So, will it behave like a public share?

flamber · April 24, 2019, 4:27pm

@Lourival
You should never use the token generated from the sample.
A token is like a password, so if you use the sample token, then all users will be using the same “password”.
Then you might as well just use Public Sharing.