Oauth login not work on iframe

I am trying to embed an Dashboard on another application. I know that is possible to create a public link for use on the iframe src param, but this solution is a little unsafe. Everyone could copy that url and share it letting access to this dasboard to everybody, and there are no way to hide the url.

So I try to link the dashboard without public link in the iframe. It works when I am logged in previously. When there are no session active, the iframe redirects to login, but if I try to login with google oauth, I get an error because google dont let to load inside an iframe for security reasons, so is impossible to login inside the iframe with google oauth.

Are there any other solution? The parent app whose I put the iframe, have also oauth autentication. Could be possible, via api or another way to share the token/session validated from the parent app to redash?

Redash isn’t designed to be embedded like this. Visualizations and dashboards can be embedded, but not the whole application.

We discussed your specific use case last spring, but we can’t do it without a few hacks substantial risks.

If you need to embed Redash in this way, your users should log-in to Redash outside the frame and then load the page.

I understand that I can’t embed the whole application. I could embed a visualization removing apikey from url and the result will be the same. Using an api key on the url is not safe.

I understand. Right now it isn’t possible to pass a user session into Redash like that, via API or otherwise.

Ok, thanks. I will limit the access to my redash instance only from the office subnet and use the apikey

1 Like