# gooddata-platform
m
Hi - I have Good Data embedded in my product. I use a SSO provider to handle login (Auth0). However, sometimes a user will find themselves authenticated within my product but not for GoodData. In that case, the iframe for GoodData shows the user a login screen native to GoodData. Is there any way to hide this screen if the user isn't logged in? Or maybe a way for my product to know the user isn't authenticated, so I can force the user to log in again through Auth0?
m
Yeah, I do something like this. However, the scenario I'm talking about involved a user who came back after a month. She was still authenticated in my app but not in Good Data. I think I just need to expire my application's sessions sooner
Is there any way to disable the GoodData login screen as a backup?
Or maybe a better question... is there a way for my product to know if the Good Data login screen is appearing within my product instead of the dashboards themselves? That way I could force the user to re-authenticate.
b
Hi Mitchel, I am afraid that we don't have a way to disable the login screen. However, one option would be to use a service provider initiated SSO flow, in which case the user should be reauthenticated automatically. Other ideas that come to mind would be to trigger the SSO authentication periodically (although I am not sure if that could somehow affect the user experience). Or, as you are mentioning, you could somehow track if the session is still valid. In GoodData the authentication is done using two types of cookies - SST (long term validity token) and TT (temporary token with validity of 10 minutes). TT is used for all API calls and SST is used just to renew TT. Whenever the TT expires, the initial API call ends up with 401 and the client automatically tries to renew the token by calling `/gdc/account/token`; if it's successful, the original API call is retried, and if `/gdc/account/token` also returns 401, the user is redirected to the login screen. Therefore the way would be to track responses on `/gdc/account/token` and in case of 401 you can force re-authentication.
m
Got it @Boris. So in theory, I should be able to make regular API calls to check if the user is still authenticated. If not, I can force them to re-authenticate? I have also set up my own product to log the user out after 24 hours -- forcing them to re-authenticate for everything via SSO.
b
that's exactly right
m
Awesome, I'll give it a try. Thanks @Boris!
j
Hi @Boris, is this use case still an issue today?