With Cookieless Embed, after 10-30 minutes of the embedded page being loaded, the embedded dashboard is replaced with this screen:
It looks like some calls around that time are made that return 401 Permission Denied, even though similar calls were made earlier to the same endpoint successfully. Mainly /api/internal/session/heartbeat and /embed/dashboards.
For our implementation, we are initializing the cookieless embed SDK like this so that we can include the authorization header in the call to get the session/tokens:

```typescript
LookerEmbedSDK.initCookieless(
  LookerHost,
  {
    headers: {
      Authorization: `Bearer ${sessionId}`,
    },
    url: 'https://<our backend>/looker/acquire-embed-session',
    credentials: 'include',
  },
  {
    headers: {
      Authorization: `Bearer ${sessionId}`,
    },
    url: 'https://<our backend>/looker/generate-embed-tokens',
    credentials: 'include',
  },
);
```
and then creating the dashboard:

```typescript
LookerEmbedSDK.createDashboardWithId(config.dashboardId)
  .withClassName('looker-embed')
  .appendTo(config.elementRef.nativeElement)
  .build()
  .connect()
  .catch((error: Error) => {
    console.error('An unexpected error occurred', error);
  });
```
The acquire and generate calls are being made successfully, and even though I need to manage/cache the tokens on the backend because of this issue I opened in GitHub, the generate call returns new tokens each time.
However, I did notice that the initial navigation token from the acquire call is being used on the failing embed/dashboards call and is in the referrer for the failing heartbeat call, but I am uncertain about the origin of those calls and haven't been able to see if/how to make changes to the SDK to adjust them.