Hi! I am trying to embed the dashboard to our website and I tested our JWT and JWK on get ("<url>/api/v1/profile"), which gives a responseCode of 200, but when I use the same JWT in html, it shows 401 error. also, I am in a free trail, can free trail use embed functions? There's another issue of CSP, which violates the following directive: “frame-ancestors 'none'” Here's the screenshot: Thank you so much for solving these problems!

Hi Neal, the error about frame ancestors indicates that you have not defined this in your GoodData Cloud developer settings yet, you will have to add

frame-ancestor

if you need to control which sites can show your content and remember to include

self

to avoid issues with our embedded features due to iframe restrictions. More details about this can be found in our documentation. Regarding the the 401 error, could you please provide a traceID? You should be able to find it in the browser dev console.

Thank you Morales, I set the frame-ancestor which could work fine, but I found out the way I validate my JWT vs JWK is incorrect. when I change it to the correct way, I cannot ping the endpoint based on my JWT (401 again). I don't understand cuz all I did is copy paste the command line from here: (https://www.gooddata.com/docs/cloud/manage-organization/jwt-access-token/) to group a shell script. Every output is expected expect the final requests.get check. Is there anything changed or I cannot use this functionality yet?

I see the following error in our logs:

Caused by: com.nimbusds.jose.proc.BadJWSException: Signed JWT rejected: Invalid signature

Based on this, could you make sure the token has been properly signed? Regarding the shell script, unfortunately I am not familiar with it, would it be possible to send it over here? If you are not comfortable sharing it publicly, feel free to send it privately.