Hi I have a question about SSO login. Currently I'm using the SSO PGP login similar to the example in the documentation here https://help.gooddata.com/doc/growth/en/expand-your-gooddata-platform/gooddata-integr[…]-up-user-authentication-and-sso/gooddata-pgp-single-sign-on/ This works well, but breaks if third-party cookies are disabled such as when Google Chrome is used in incognito mode. Is there a way of retrieving the GDCAuthSST cookie/token in a way that can be used without 3rd party cookies? The login method here looks like it might do what I want, but it's not clear how to use this with PGP SSO https://help.gooddata.com/doc/enterprise/en/expand-your-gooddata-platform/api-reference/?search=embed#tag/login

Hi Paul, since you are using PGP SSO, you can use the customerlogin resource to obtain SST and TT tokens for any purpose. Note that the targetURL can be any resource on our platform e.g. gdc/ping or any other resource, and this can only be done via the API. You will just need to find a way to inject the tokens into your browser, but take into account that it will be necessary for you to assess the security risks as this is not a standard use case. In general, we recommend to always have enabled 3rd party cookies for the normal functioning of the authentication flow: Known Issue: Blocking Cookies May Make Embedded GoodData Inaccessible – GoodData Support

Hi Moises, thanks for your reply. I'll test with the customerlogin endpoint.

Hi Paul, one more thing to mention is that when embedding GoodData into your solution hosted on your single hostname, it is recommended to white-label your GoodData domain and change its hostname in a way that the GoodData hostname matches the application ’s hostname. So if for example your app runs on app.example.com you can have your GoodData hostname be analytics.example.com and then if you embed GoodData into your app, browsers will not consider GoodData cookies as third-party cookies.

Ah thanks Michal that is good to know. Unfortunately in my situation our white-labelled GoodData domain is embedded within our domain, which is in turn embedded in another domain as part of a Shopify app. Shopify forbids the use of third party cookies entirely so I'm trying to work out how it might still be possible to use the /dashboards/embed endpoint without the use of third party cookies. Can the TT tokens be provided in any way other than as cookies? Such as a query string. If not, I might have to proxy requests between our domain and GoodData to insert the relevant cookies

Besides white labeling your domain, you could also tackle the cookies issue by using GD.UI to visualize the elements through React. The calls would be made to the backend directly, and the 3rd party cookies would not be requested.

Thank you Moises, the GD.UI library looks very interesting and might be exactly what we need. Thank you