embedding problem

[Diwash-Mishra]

while doing one tap login in a simple app superset is denying the access to dataset databases and charts after the embedding

[dosubot[bot]]

Hi @Diwash-Mishra! I'm Dosu and I’m helping the superset team.

Superset requires a special guest token for embedded dashboards, which is separate from regular authentication like SSO or one-tap login. If you embed Superset after a one-tap login but do not provide a guest token scoped to the dashboard and its datasets, Superset will deny access to datasets, databases, and charts—even if the dashboard frame loads. The guest token must include user info, resources (dashboard IDs), and any row-level security rules, and be passed to Superset (usually as a header) during embedding. Make sure the EMBEDDED_SUPERSET feature flag is enabled, the dashboard is published for embedding, your embedding domain is in allowed_domains, and CORS settings are correct. If you skip the guest token step, users will only have access to resources allowed by their RBAC roles or the public role, which usually means no data access in embedded views. See more details in the code and docs.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}