JIT user provisioning when GD is embedded: issue with user creation Hey team@GD, we’ve setup JIT user prov in our GD, connecting Auth0 as our provider but we have a problem with new signups when GD is embedded. • [works] When we use the xxx.cloud.gooddata.com, Auth0 appears, we do a signup and then get redirected, properly logged in, into the default workspace/dashboard but • [not working] In our webapp, we embed GD and use our JWT gen as well. when we hit app.domain.com, Auth0 appears, we do a signup and then get redirected to our app, which tries to get a JWT token but it fails because the user doesn’t exit on the GD side. How do we make this signup flow (with autoprovisionning and JWT) work? Any extra step we should be taking which we missed? Any help appreciated! (cc @Emir)

Heya Romain, Radek from the GoodData Technical team here! 🙂 Is there any reason you're using JWT in the app when you already have a working Auth0 setup? Auth0 has its own SDK and can work with the user authentication state, so that might be a bit more of a seamless solution unless I'm missing something.

Hi Radek, thanks for the response! To give a bit more background on our setup: we’re embedding dashboards and insights into a React app using the GoodData SDK. Auth0 is integrated as our authentication provider for both the web app and GoodData. Our current flow uses JWT for secure backend communication with GoodData rather than relying on an admin token (so the React app uses

TigerJwtAuthProvider

to set up GD backend). We generate a JWT based on the user’s GoodData entity after logging into our app. The problem arises when new users, who don’t yet exist in GoodData, attempt to log in. When our app tries to generate the JWT and can’t find the user in GoodData, the process fails. So we're seeking help on how we can auto-provision these users in GoodData during their first login to avoid this JWT generation issue. Or, is there a better flow to handle the user lookup/failure scenario? Thanks!

Ohh, I see! Technically, since you're using Auth0 for both, you could still handle the authentication just through that, without going to JWT or an API token - the only catch is avoiding any extra loading screens after app login when the user navigates to GD content for the first time, but this can be managed with some careful state management. I have a small (and relatively messy) personal example of this demonstrating the general concepts behind this built with GD.UI, Vite and Auth0 SDK that I could share via private message if you'd like something to (loosely) follow! 🙂

Hi Radek. Yes, we've sorted it out and implemented a solution. Thanks a lot for your help and time, it was valuable.

Perfect, glad to hear! 🙂