I am following the Row level filtering with Embedded dashboards tutorial to build a secure, multi-tenant dashboard using Data Studio as the reporting UI/backend (and Anvil as the front-end in Python), with the aim of filtering data from a BigQuery table based on specific user permissions.
I have completed the initial connector tutorial successfully as recommended. So far I have also completed the following steps (1-4) successfully:
1. user table (JSON containing specific field values each user is permitted to view)
2. access_token in Anvil, based on hex md5 hash of a combination of user and unix timestamp, with one hour expiry
3. app_secret securely in Anvil to authenticate inbound requests
4. app_secret and validates access_token and returns JSON containing user_email and permitted_accounts
Now I've got to the point of building the custom connector, with the aim of building the next part of the flow:
5. access_token to Data Studio by encoding and including it in the embed URL (the report will be embedded via an iFrame) as per this section
6. access_token from embed URL in App Script as per the statement "This will be used to capture a token from embed URL's parameters." from this section
7. app_secret and access_token from App Script to validate and receive the user permissions associated with the access_token
8. IF validation checks pass in Anvil, otherwise return appropriate error message

However, upon reaching step 6 in this flow where I need to parse the access_token from the URL, the code included in the Write the Connector Code section takes the token as a user-inputted text field and does not take it from the embed URL's parameters (which to me makes no sense as making a user continually manually transpose a short-lived token seems to negate the point of this exercise).
I am also unable to find documentation in the API reference on how to achieve this.
PLEASE, does anybody know how to capture parameters from Report Embed URLs in an App Script Community Connector? I assumed it was possible from the documentation:
getConfig() should return at least one config item. This will be used to capture a token from embed URL's parameters.
Thank you for taking the time!
a. I'm assuming access_token is an overridable config parameter in your getConfig.
b. When you create the initial report, during the data source creation, you can put in any value in access_token config field. However, check the box to 'Allow "access_token" to be modified in reports'. That means, report viewers will be able to override this value even though they do not have edit access to the report or the data source.
c. Confirm that your step #5 is following the instructions here to pass the override value for access_token.
d. That's it. Now it is irrelevant what value you put in for access_token during initial report creation. For user X, your portal will pass the value hash(user, timestamp) as the value for access_token. In your connector's getData function, request.configParams.access_token will return that specific value. You can then call your endpoint with that value to get back the user identity.
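
The connector side of the flow described in this answer, as an added example that is not part of the original post or the tutorial's code: getConfig declares access_token as overridable, and a helper for getData exchanges the overridden value for the user's permissions and filters rows by them. The endpoint URL, the APP_SECRET script property name, the POST/JSON request shape and the "account" row field are assumptions.

```javascript
// Added example: Apps Script (V8) Community Connector helpers, not the tutorial's code.
// ASSUMPTIONS: VALIDATE_URL, the APP_SECRET script property name, the POST/JSON
// request shape and the "account" row field are hypothetical placeholders.
var VALIDATE_URL = 'https://example.invalid/_/api/validate_token';

function getConfig() {
  var config = DataStudioApp.createCommunityConnector().getConfig();
  config.newTextInput()
    .setId('access_token')
    .setName('Access token')
    .setAllowOverride(true); // lets the embed URL replace the saved value per viewer
  return config.build();
}

// Exchange the overridden token for the caller's permissions; fail closed on any doubt.
function resolvePermissions(request) {
  var token = (request.configParams || {}).access_token;
  if (typeof token !== 'string' || !/^[0-9a-f]{32}$/i.test(token)) {
    throw new Error('access_token missing or not a 32-char hex md5 digest');
  }
  var secret = PropertiesService.getScriptProperties().getProperty('APP_SECRET');
  var resp = UrlFetchApp.fetch(VALIDATE_URL, {
    method: 'post',
    contentType: 'application/json',
    payload: JSON.stringify({ app_secret: secret, access_token: token }),
    muteHttpExceptions: true // inspect the status ourselves instead of throwing
  });
  if (resp.getResponseCode() !== 200) {
    throw new Error('token rejected by validation endpoint');
  }
  var body = JSON.parse(resp.getContentText());
  if (!body.user_email || !Array.isArray(body.permitted_accounts)) {
    throw new Error('validation response lacks user_email/permitted_accounts');
  }
  return { user_email: body.user_email, permitted_accounts: body.permitted_accounts };
}

// Row-level filter applied in getData before rows are returned to the report.
function filterRows(rows, permittedAccounts) {
  return rows.filter(function (row) {
    return permittedAccounts.indexOf(row.account) !== -1;
  });
}
```

Because the override box lets any report viewer supply the value, the helper treats access_token as untrusted input and takes permitted_accounts only from the endpoint's response.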