With Cookieless Embed, after 10-30 minutes of the embedded page being loaded, the embedded dashboard is replaced with this screen:
It looks like some calls around that time are made that return 401 Permission Denied, even though similar calls were made earlier to the same endpoint successfully. Mainly /api/internal/session/heartbeat and /embed/dashboards.
For our implementation, we are initializing the cookieless embed sdk like this so that we can include the authorization header in the call to get the session/tokens:
LookerEmbedSDK.initCookieless( LookerHost, { headers: { Authorization: `Bearer ${sessionId}`, }, url: 'https://<our backend>/looker/acquire-embed-session', credentials: 'include', }, { headers: { Authorization: `Bearer ${sessionId}`, }, url: 'https://<our backend>/looker/generate-embed-tokens', credentials: 'include', }, );
and then creating the dashboard
LookerEmbedSDK.createDashboardWithId(config.dashboardId) .withClassName('looker-embed') .appendTo(config.elementRef.nativeElement) .build() .connect() .catch((error: Error) => { console.error('An unexpected error occurred', error); });
The acquire and generate calls are being made successfully, and even though I need to manage/cache the tokens on the backend because of this issue I opened in github, the generate call returns new tokens each time.
However, I did notice that the initial navigation token from the acquire call is being used on the failing embed/dashboards call and is in the referrer for the failing heartbeat call, but I am uncertain about the origin of those calls and haven't been able to see if/how to make changes to the sdk to adjust them.
Hey Colin
This sounds like the session length that is being specified for the embed session needs to be adjusted?
If this is not the issue, can you provide more details on how the cookieless embed session is being set up (namely around the permissions and other values that are being set for this embed session)?
Best,
Drew