QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-23 18:14:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: clarify GUEST_TOKEN_JWT_AUDIENCE usage in the SDK (#33673)

Browse Source
This commit is contained in:
Zack
2025-06-10 20:41:54 -07:00
committed by GitHub
parent e05ccb3824
commit 59e3645c17
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
superset-embedded-sdk/README.md
View File

@@ -116,8 +116,11 @@ Example `POST /security/guest_token` payload:
}
```
Alternatively, a guest token can be created directly in your app with a json like the following, and then signed
with the secret set in configuration variable `GUEST_TOKEN_JWT_SECRET` (see configuration file config.py)
Alternatively, a guest token can be created directly in your app without interacting with the Superset API.
To do this, you should update the `GUEST_TOKEN_JWT_SECRET`
in the Superset [config.py](https://github.com/apache/superset/blob/master/superset/config.py). Also set the
`GUEST_TOKEN_JWT_AUDIENCE` variable that matches what is set for the `aud` in the JSON payload:
```
{
"user": {
@@ -139,6 +142,13 @@ with the secret set in configuration variable `GUEST_TOKEN_JWT_SECRET` (see conf
}
```
In this example, the configuration file includes the following setting:
```python
GUEST_TOKEN_JWT_AUDIENCE="superset"
```
### Sandbox iframe
The Embedded SDK creates an iframe with [sandbox](https://developer.mozilla.org/es/docs/Web/HTML/Element/iframe#sandbox) mode by default