anyone have any idea what this issue could be? happens only in firefox for our embedded iframe of the visualization

Hi Sasha, I was able to reproduce the issue in Microsoft Edge, and based on the behavior, I believe it would occur in any browser. The limitation stems from Auth0 itself, they intentionally block their login page from being embedded in an iframe as a security measure to prevent clickjacking attacks. You mentioned that you're able to log in using other browsers. My guess is that you were already authenticated with Auth0 in those browsers before accessing the iframe. If you try the same flow in a private/incognito window (where no prior session exists), you should see the same error message, but let me know if this is not the case. As for how to handle this, I’d recommend triggering the authentication flow before loading the iframe. Another approach is to use an API token, as outlined in our documentation, but please keep in mind the outlined security risks. Ideally, please consider using a JSON Web Token (JWT) in case authenticating outside the iframe is not an option.

we use jwt auth

Please make sure you have the following parameter in the iframe source after the dashboard id:

?apiTokenAuthentication=true

yep it's t here >return `https://housing-cloud.cloud.gooddata.com/analyze/embedded/#/${subdomain}/reportId/edit?apiTokenAuthentication=true`;

Could you try changing it to &apiTokenAuthentication=true instead?

just out of curiosity, do you have CORS and potentially also CSP set for your GoodData organization?

Could you confirm whether you are now able to log in with JWT?