With Cookieless Embed, after 10-30 minutes of the embedded page being loaded, the embedded dashboard is replaced with this screen:
It looks like some calls around that time are made that return 401 Permission Denied, even though similar calls were made earlier to the same endpoint successfully. Mainly /api/internal/session/heartbeat and /embed/dashboards.
For our implementation, we are initializing the cookieless embed sdk like this so that we can include the authorization header in the call to get the session/tokens:
LookerEmbedSDK.initCookieless(
LookerHost,
{
headers: {
Authorization: `Bearer ${sessionId}`,
},
url: 'https://<our backend>/looker/acquire-embed-session',
credentials: 'include',
},
{
headers: {
Authorization: `Bearer ${sessionId}`,
},
url: 'https://<our backend>/looker/generate-embed-tokens',
credentials: 'include',
},
);
and then creating the dashboard
LookerEmbedSDK.createDashboardWithId(config.dashboardId)
.withClassName('looker-embed')
.appendTo(config.elementRef.nativeElement)
.build()
.connect()
.catch((error: Error) => {
console.error('An unexpected error occurred', error);
});
The acquire and generate calls are being made successfully, and even though I need to manage/cache the tokens on the backend because of this issue I opened in github, the generate call returns new tokens each time.
However, I did notice that the initial navigation token from the acquire call is being used on the failing embed/dashboards call and is in the referrer for the failing heartbeat call, but I am uncertain about the origin of those calls and haven’t been able to see if/how to make changes to the sdk to adjust them.