`authorization: Bearer YnJ5YW50Lmhvd2VsbDpKSE5vYVhKdk1TUlRTRUV0TWpVMkpEVXdNREF3TUNRNWRGcDZVREY2VUcxMmIyVXZUalEyT1ZaMWIxaEJQVDBrYTFSeVRIRmtZV1k0UjJWUldHTndPVVZIWTJsb1RVVTFVR1lyWWsxU1NtMTVVSEo1TTJkS2Ftc3laejA=`
Troubleshoot trusted authentication
CORS and CSP must be configured correctly for any embedding and REST API commands to work from the browser.
Third-party cookie issues🔗
When implementing trusted authentication with session cookies, check if your browser allows third-party cookies.
Chrome now blocks third-party cookies in Incognito mode by default, while Safari blocks them by default even in standard mode.
If your Web browser rejects third-party cookies, the embedded content will be blocked.
To workaround this issue, you can either use cookieless authentication (
AuthType.TrustedAuthTokenCookieless) in the SDK or customize the ThoughtSpot instance domain to match the top-level domain of your embedding web app.
Tester HTML page🔗
The token_auth directory contains a trusted_auth_tester.html page to help verify each step of the trusted authentication process.
Use browser developer tools🔗
init() function when using cookie-based trusted authentication:
GETrequest to the
/session/inforeturns as a 401 error (red), you will see a
GETrequest to the URL specified in the
authEndpointproperty or the URL defined in the callback function referred to be
authEndpoint(GET or POST).
Response from the URL above should return 200 with a login token.
When the login token is received, the
init()function makes a
POSTrequest to the
/session/login/tokenREST API v1 endpoint.
The first response to
/session/login/tokenwill be an HTTP 204. It may show "OPTIONS" rather than "POST"
Immediately following should be an HTTP 302 (Redirect) response to the
POSTrequest. There should be several set-cookie headers in the response, particularly a JSESSIONID=.
If the set-cookie response does not come through and actually sets the ThoughtSpot cookies in the browser, sign-in will not complete.
With cookie-less trusted authentication, you will see that every request to the ThoughtSpot instance has a request header of the form, including the retrieved token from the token request service: