This is the method I have come up with (PHP 8 & lcobucci/jwt: 4.1) private function generateToken(int $dashboardId, array $config): string I recently had to implement this feature in PHP. So for the time being, expiring tokens will just have to do. But I’m afraid I haven’t even the vocabulary to start researching such a thing. Providing each of the app’s users with a unique key that is revoked when accessed by more than one party simultaneously, more than a couple of devices, or something of that nature may work. And that may be burdensome not to mention annoying for legitimate users if it implies having to constantly refresh and reload the iframe and loose all previously set Metabase filters. But that means one’s app must feed these in directly via a dropdown completely outside of Metabase, for example. products and geography) to vastly limit access. The only way around this is to lock certain key parameters thereby removing them from the iframe entirely (e.g. But that is not intended as a security guarantee, any one of a group of users could share a token-ized url with parties outside the group. Metabase’s powerful locked parameters feature can be used to provide user specific content provided the user or group of users is a filterable category in the data itself. On the other hand setting the expiration even to something reasonable like 1 hour as shown here (3600 seconds) can still be annoying (imagine users in the middle of a conference presentation or a big board meeting and the expiration surprise suddenly scuttles the whole thing)! While I like the idea of Sliding Sessions to get past this I’m not so keen on the Refresh Tokens requirement behind them or the ways of tweaking them as pointed out by lcobucci/jwt’s creator.įor another even with an expiration time of one hour that’s one hour any determined party can gain unauthorized access. ‘params’ => // Corresponds to Metabase locked parametersĪlthough a significant deterrent to would-be unauthorized access it is, as you’ve noted, not a totally satisfactory solution.įor one it is not advisable to set the expiration time to something too short because upon expiration the embed’s Metabase filters become disabled and the entire embed disappears returning a token expired message. ‘dashboard’ => 1 // ID of the dashboard you want to implement >setExpiration(time() + 3600) // Configures the expiration time of the token (exp claim) >setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim) >setIssuedAt(time()) // Configures the time that the token was issue (iat claim)
Per the lcobucci/jwt v3.2 documentation under “Token signature>Hmac” I have implemented token expiration with the following modifications in bold: Thank you That confirms my understanding. Keep getting this error which refers to the above two lines:įatal error: Uncaught Error: Class ‘Lcobucci\JWT\Signer\Hmac\Sha256’ not found in C:\Users\Mesquest\Documents\Websites\\wp-content\mu-plugins\MetabasePlugin.php:17Ĭ:\Users\Mesquest\Documents\Websites\\wp-content\mu-plugins\Lcobucci\JWT\Signer\Hmac\Sha256.phpĭoes it have anything to with the Composer generated autoload.php located at:Ĭ:\Users\Mesquest\Documents\Websites\\wp-content\mu-plugins\Lcobucci\vendor\autoload.php How does one go from the class related namespace:
#Metabase embedding how to#
The next big challenge is how to divide users up into groups A, B, & C and make sure each can only see the charts & dashboards they are meant to see. to all play nice together is a VERY messy business to say the least!
Must have rearranged the file structure per the “use” statement not understanding that it’s a namespace not a path… To get Metabase, Wordpress, Windows, PHP, Apache et. Re-installed from scratch and got the site config file to pick up the composer generated autoload file.
If you want to embed something different, look at the examples in the reference app.īest place for more information is as always the documentation. Somewhere you would have to create a new iframe like this:
#Metabase embedding code#
The code should probaly look something like this:įunction name_of_your_wordpress_function() #bordered=true&titled=true" (It’s the same package which is used in the reference app).
I would suggest downloading lcobucci/jwt and then using it in a Wordpress plugin. As I understand by quickly scanning the documentation, this just adds the possibility to authenticate via JWT with the Wordpress REST API. I think the plugin you linked to (JWT Authentication for WP REST API) is not exactly the right thing.
#Metabase embedding install#
The important part is, that use a JWT package/plugin (I work mostly in Laravel which uses composer to install packages from packagist). Hey haven’t touched Wordpress in a long time, but the code you’ve linked to (the thing in routes/web.php) should work in Wordpress to.
0 kommentar(er)
