Configure Embedding Authentication Providers
On this page
MongoDB Charts uses tokens passed with the Embedding SDK to authenticate users who want to view embedded charts or dashboards that require authentication.
Charts doesn't render the chart or dashboard in any of the following scenarios:
The details in the token don't match criteria you specify.
The token is invalid.
A token isn't present.
Considerations
You must be an Atlas Project Owner to configure embedding authentication providers for your linked Charts instance.
Charts supports these authentication providers:
Google
Custom JWT
Atlas App Services Providers
Charts considers tokens from App Services providers valid if they:
Are syntactically valid JWTs.
Are issued by the relevant authority.
Match the App Services App ID you configure the provider to accept.
Google Providers
Charts considers tokens from Google providers valid if they:
Are syntactically valid JWTs.
Are issued by the relevant authority.
Match the Google Client ID you configure the provider to accept.
JWT Providers
Charts considers tokens from JWT providers valid if they:
Contain an expiration time claim with a time and date in the future.
Note
Your application must handle refreshing tokens before they expire.
Contain an issued at time claim with a time and date in the past.
Have a token lifetime of less than or equal to one hour. The token lifetime is the difference between the issued at time claim and the expiration time claim.
Example
Charts rejects a token containing the following claims because the token lifetime of one year is too long:
{ "iat": "1587497399", "exp": "1617305399" } Charts can accept a token containing the following claims because the token lifetime of one hour is acceptable:
{ "iat": "1585769399", "exp": "1585772999" } Are signed using either the
HS256
orRS256
signing algorithm.Are signed with a key that can be verified by the secret you provide when you configure the custom JWT authentication provider.
Contain an audience claim that matches the one you specified when you configure the provider, if applicable.
Procedures
View Authentication Providers
To view the embedding authentication providers you have configured:
Add an Authentication Provider
To add an embedding authentication provider:
Configure Charts to verify tokens from the provider.
The values you must enter differ based on the provider you selected:
Provider | Fields | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Custom JWT | Provide the following values:
| |||||||||||||||||||||||||||||
Google | In the Client ID field, enter your application's Google Client ID, in the following format:
| |||||||||||||||||||||||||||||
Atlas App Services | Provide the following values:
|
Modify an Authentication Provider
To modify an embedding authentication provider:
Modify the values that Charts uses to verify tokens from the provider.
See Add an Authentication Provider for the values you can modify for the provider type you configured.
Delete an Authentication Provider
To delete an embedding authentication provider:
Important
After you delete a provider, all embedded charts that the deleted provider authenticated no longer render.
Generate an Embedding Key
Note
Only users with the Project Owner role can see this section.
Important
Embedding keys are deprecated and will be removed in a future release. Use Embedding Authentication Providers and the Embedding SDK instead.
Embedding keys are necessary for generating and verifying digital signatures of charts embedded using the Verified Signature` mode.
To generate a new embedding key, click the Generate New Key button on the right side of the page.
Warning
If you generate a new key, any previous keys become invalid. Ensure that all the existing embedded charts that use an old key are updated to use the new key.