Join us Sept 17 at .local NYC! Use code WEB50 to save 50% on tickets. Learn more >
MongoDB Event
Docs Menu
Docs Home
/
Atlas Charts
/
Embedding
/
Embedding SDK

Configure Embedding Authentication Providers

Atlas Charts uses tokens passed with the Embedding SDK to authenticate users who want to view embedded charts or dashboards that require authentication.

Charts doesn't render the chart or dashboard in any of the following scenarios:

  • The details in the token don't match criteria you specify.

  • The token is invalid.

  • A token isn't present.

Considerations

  • You must be an Atlas Project Owner to configure embedding authentication providers for your linked Charts instance.

  • Charts supports these authentication providers:

    • Google

    • Custom JWT

Google Tokens

Charts considers tokens from Google valid if they:

  • Are syntactically valid JWTs.

  • Are issued by the relevant authority.

  • Match the Google API Client ID you configure the provider to accept.

JWT Provider Tokens

Charts considers tokens from JWT providers valid if they:

  • Contain an expiration time claim with a time and date in the future.

    Note

    Your application must handle refreshing tokens before they expire.

  • Contain an issued at time claim with a time and date in the past.

  • Have a token lifetime of less than or equal to 24 hours. The token lifetime is the difference between the issued at time claim and the expiration time claim.

    Example

    Charts rejects a token containing the following claims because the token lifetime of one year is too long:

    {
      "iat": "1587497399",
      "exp": "1617305399"
    }

    Charts can accept a token containing the following claims because the token lifetime of 24 hours is acceptable:

    {
      "iat": "1585769399",
      "exp": "1586002999"
    }

  • Are signed using either the HS256 or RS256 signing algorithm.

  • Are signed with a key that can be verified by the secret you provide when you configure the custom JWT authentication provider.

  • Contain an audience claim that matches the one you specified when you configure the provider, if applicable.

Procedures

View Authentication Providers

To view the embedding authentication providers you have configured:

1

Go to Charts.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

If Atlas Charts is not already displayed, click the Charts tab in the Atlas UI.

Atlas launches an instance of Charts linked to your project.

2

Go to the Embedding page.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

Click Embedding under the Development heading in the sidebar.

The Embedding page displays.

3

Go to the Authentication Settings view.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

Note

You must be a Project Owner to access the Authentication Settings page. As a non-admin user, you can still use embedded charts, but you must get a key from a Project Owner.

Click the Authentication Settings tab.

The Authentication Settings tab displays.

4

View the configured authentication providers in the Authentication providers section.

Add an Authentication Provider

To add an embedding authentication provider:

1

Go to Charts.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

If Atlas Charts is not already displayed, click the Charts tab in the Atlas UI.

Atlas launches an instance of Charts linked to your project.

2

Go to the Embedding page.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

Click Embedding under the Development heading in the sidebar.

The Embedding page displays.

3

Go to the Authentication Settings view.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

Note

You must be a Project Owner to access the Authentication Settings page. As a non-admin user, you can still use embedded charts, but you must get a key from a Project Owner.

Click the Authentication Settings tab.

The Authentication Settings tab displays.

4

Add the authentication provider.

  1. From the Authentication providers section, click Add.

  2. In the Name field, enter a descriptive name for the provider.

  3. From the Provider list, select the type of provider you want to add.

  4. Configure Charts to verify tokens from the provider.

    The values you must enter differ based on the provider you selected:

    • Google

      In the Client ID field, enter your application's Google API Client ID, in the following format:

      <prefix>.apps.googleusercontent.com

    • Custom JWT

      Provide the following values:

      Field
      Value

      Signing Algorithm

      Encryption algorithm with which the JWT signature is encoded.

      Must be one of:

      Signing Key

      Secret or key used to validate the JWT signature. If tokens are not signed, Charts considers them invalid. If you provide an incorrect key, Charts is unable to verify token signatures and considers them invalid.

      The value you must provide depends on the Signing Algorithm:

      • HS256: enter the secret key used to sign the JWT.

      • RS256: Select either JWK or JWKS URL or PEM Public Key.

        If you select JWK or JWKS URL, Charts retrieves the key from the JWK or JWKS file at the specified URL. Charts then uses the key to validate the JSON web token. If there are multiple keys in the file, Charts tries each key until it finds a match. Enter the URL that contains the JWK or JWKS file.

        If you choose PEM Public Key, Charts uses the specified public key to verify the JSON web token. Enter the public key of the key pair used to sign the JWT. The public key must be in PEM format, as shown in the following example:

         -----BEGIN CERTIFICATE-----
         MIIDfjCCAmagAwIBAgIBBzANBgkqhkiG9w0BAQUFADB0MRcwFQYDVQQDEw5LZXJu
         ZWwgVGVzdCBDQTEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RCMRYw
         FAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UE
         BhMCVVMwHhcNMTQwNzE3MTYwMDAwWhcNMjAwNzE3MTYwMDAwWjBsMQ8wDQYDVQQD
         EwZzZXJ2ZXIxDzANBgNVBAsTBktlcm5lbDEQMA4GA1UEChMHTW9uZ29EQjEWMBQG
         A1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsxCzAJBgNVBAYT
         AlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp76KJeDczBqjSPJj
         5f8DHdtrWpQDK9AWNDlslWpi6+pL8hMqwbX0D7hC2r3kAgccMyFoNIudPqIXfXVd
         1LOh6vyY+jveRvqjKW/UZVzZeiL4Gy4bhke6R8JRC3O5aMKIAbaiQUAI1Nd8LxIt
         LGvH+ia/DFza1whgB8ym/uzVQB6igOifJ1qHWJbTtIhDKaW8gvjOhv5R3jzjfLEb
         R9r5Q0ZyE0lrO27kTkqgBnHKPmu54GSzU/r0HM3B+Sc/6UN+xNhNbuR+LZ+EvJHm
         r4de8jhW8wivmjTIvte33jlLibQ5nYIHrlpDLEwlzvDGaIio+OfWcgs2WuPk98MU
         tht0IQIDAQABoyMwITAfBgNVHREEGDAWgglsb2NhbGhvc3SCCTEyNy4wLjAuMTAN
         BgkqhkiG9w0BAQUFAAOCAQEANoYxvVFsIol09BQA0fwryAye/Z4dYItvKhmwB9VS
         t99DsmJcyx0P5meB3Ed8SnwkD0NGCm5TkUY/YLacPP9uJ4SkbPkNZ1fRISyShCCn
         SGgQUJWHbCbcIEj+vssFb91c5RFJbvnenDkQokRvD2VJWspwioeLzuwtARUoMH3Y
         qg0k0Mn7Bx1bW1Y6xQJHeVlnZtzxfeueoFO55ZRkZ0ceAD/q7q1ohTXi0vMydYgu
         1CB6VkDuibGlv56NdjbttPJm2iQoPaez8tZGpBo76N/Z1ydan0ow2pVjDXVOR84Y
         2HSZgbHOGBiycNw2W3vfw7uK0OmiPRTFpJCmewDjYwZ/6w==
         -----END CERTIFICATE-----

      Audience (Optional)

      Audience claim that must be present in the JWT for Charts to consider it valid.

  5. Click Save.

Modify an Authentication Provider

To modify an embedding authentication provider:

1

Go to Charts.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

If Atlas Charts is not already displayed, click the Charts tab in the Atlas UI.

Atlas launches an instance of Charts linked to your project.

2

Go to the Embedding page.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

Click Embedding under the Development heading in the sidebar.

The Embedding page displays.

3

Go to the Authentication Settings view.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

Note

You must be a Project Owner to access the Authentication Settings page. As a non-admin user, you can still use embedded charts, but you must get a key from a Project Owner.

Click the Authentication Settings tab.

The Authentication Settings tab displays.

4

Edit the embedding provider.

  1. From the Embedding providers section, click Edit next to the provider you want to modify.

  2. Modify the values that Charts uses to verify tokens from the provider.

    See Add an Authentication Provider for the values you can modify for the provider type you configured.

  3. Click Save.

Delete an Authentication Provider

To delete an embedding authentication provider:

1

Go to Charts.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

If Atlas Charts is not already displayed, click the Charts tab in the Atlas UI.

Atlas launches an instance of Charts linked to your project.

2

Go to the Embedding page.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

Click Embedding under the Development heading in the sidebar.

The Embedding page displays.

3

Go to the Authentication Settings view.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Charts UI, see the preview documentation.

Note

You must be a Project Owner to access the Authentication Settings page. As a non-admin user, you can still use embedded charts, but you must get a key from a Project Owner.

Click the Authentication Settings tab.

The Authentication Settings tab displays.

4

Delete the embedding provider.

From the Embedding providers section, click Delete next to the provider you want to delete.

5

Click Delete to confirm.

Important

After you delete a provider, all embedded charts that the deleted provider authenticated no longer render.

Generate an Embedding Key

Note

Only users with the Project Owner role can see this section.

Important

Embedding keys are deprecated and will be removed in a future release. Use Embedding Authentication Providers and the Embedding SDK instead.

Embedding keys are necessary for generating and verifying digital signatures of charts embedded using the Verified Signature` mode.

To generate a new embedding key, click the Generate New Key button on the right side of the page.

Warning

If you generate a new key, any previous keys become invalid. Ensure that all the existing embedded charts that use an old key are updated to use the new key.

Back

Get Started

Next

Handle Click Events

On this page