Using EmbedSDK with custom auth/login flow

I’m having issues getting my head around the auth flow here.

My flow is that I create a Looker user through the 4.0 JavaScript SDK, and that’s all fine. I initialise the SDK on my server side (AWS Lambdas) using LOOKERSDK_CLIENT_ID and LOOKERSDK_CLIENT_SECRET that I embed for a common API user, purely for SDK init purposes.

Once my own system user logs in, I then grab their user-specific client_id and client_secret that I have previously generated and stored in my own DB. I call sdk.login_user({client_id, client_secret}), and generate an authToken that can be pulled back to my React app, following the flow described in the LookerEmbedReference repo. The docs here suggest creating the browser-side SDK with the CorsSessionHelper to manage user auth. Again, all fine.

My problem is that when I have created the token (by logging in the user on the SERVER side) I then try to use that token in the CorsSessionHelper util to do a basic sdk.me() call to get the user details to pass to LookerEmbedSDK, and keep getting unauthenticated errors from the sdk. 

So I’m becoming very confused here as to what I’m doing wrong. Am I making the wrong assumption that I should be using a service account credential to login each user on the server side? Will that auth token still be valid when returned to the browser in order to login/init the browser side sdk?

I can’t use the OAuth flow (I’m assuming I can’t anyway) due to the fact that I don’t want my users to have to directly log into Looker, which the docs suggest is a possibility when using the OAuth flow if they don’t have an active Looker session. I need to manage that internally. Which again the LookerEmbedReference repo suggests can be done using the CorsSessionHelper type setup.

So what am I missing? The user gets logged in on the server side, the access_token is created and returned, and the browser side sdk is initialised with that token endpoint and returned access_token. 

But then instantly I get a 401 when calling sdk.me() in the browser to actually verify the user. I’m stuck now trying to understand if my flow assumptions are correct. Should the sdk.login_user be done in the browser side? Is there a way to verify the browser sdk is correctly initialised?

There’s obviously a clear and easy way to manage this flow as it’s not overly complicated, I just can’t see what part I’m missing.

We’re under pressure to get this working and released so any help is appreciated 🙂 

1 REPLY

Additional data - if I move my server-side Node SDK init to the auth endpoint that the EmbedSDK wants, I get errors indicating that Looker is trying to call directly from an external endpoint (Looker) - my auth endpoint is internal/secured, so is this correct behaviour?

Second additional data - I removed the auth endpoint from my LookerEmbedSDK.init call to test, and the init passes, as does the createDashboardWithId(), and I see a bunch of the chatty debug messages in my browser console, but no error and no dashboard.

What stupid assumption am I making?