Sigma Secure Embed with JWT

sigma_secure_embed_JWT/.env

@@ -0,0 +1,14 @@
+# .env file
+
+# Sigma embed configuration - REQUIRED parameters:
+BASE_URL=https://app.sigmacomputing.com
+EMBED_PATH={url path to embed}
+EMBED_CLIENT_ID={your client id}
+EMBED_SECRET=(your embed secret)
+[email protected] 
+
+# Session length in seconds:
+SESSION_LENGTH=3600
+
+# Local server port:
+PORT=3000

sigma_secure_embed_JWT/embed-api.js

@@ -0,0 +1,60 @@
+const jwt = require('jsonwebtoken'); // Import jsonwebtoken library for handling JWTs
+const { v4: uuid } = require('uuid'); // Import uuid for generating unique identifiers
+const dotenv = require('dotenv'); // Import dotenv for loading environment variables
+
+dotenv.config(); // Load environment variables from .env file
+
+// Define constants for the base URL, embed path, and session length
+const BASE_URL = process.env.BASE_URL;
+const EMBED_PATH = process.env.EMBED_PATH;
+const SESSION_LENGTH = Math.min(process.env.SESSION_LENGTH || 3600, 2592000); // Max 30 days in seconds
+
+// Log the important configuration details to ensure they are correctly set
+console.log('BASE_URL:', BASE_URL);
+console.log('EMBED_PATH:', EMBED_PATH);
+console.log('SESSION_LENGTH:', SESSION_LENGTH);
+console.log('EMBED_CLIENT_ID:', process.env.EMBED_CLIENT_ID); // Add this to verify the client ID
+
+// Function to generate a signed URL for embedding Sigma dashboards
+async function generateSignedUrl() {
+    try {
+        // Retrieve the secret and email from environment variables
+        const secret = process.env.EMBED_SECRET;
+        const email = process.env.EMBED_EMAIL;
+        const time = Math.floor(Date.now() / 1000); // Generate the current time as a Unix timestamp
+
+        // Generate JWT with claims
+        // See https://help.sigmacomputing.com/docs/example-embed-api-and-jwt-signed-url for list of available claims
+        const token = jwt.sign({
+            sub: email, // Subject (the email of the user)
+            iss: process.env.EMBED_CLIENT_ID, // Issuer (client ID)
+            jti: uuid(), // JWT ID (unique identifier for the token)
+            iat: time, // Issued at time (current time)
+            exp: time + SESSION_LENGTH, // Expiration time (current time + session length)
+            account_type: "lite", // Optional claim for account type
+            teams: ["Sales_People"] // Optional claim for user teams
+        }, secret, {
+            algorithm: 'HS256', // Algorithm used for signing the JWT
+            keyid: process.env.EMBED_CLIENT_ID // Key ID for the JWT header, should match Sigma's expectations
+        });
+
+        // Decode the JWT to inspect its content and log it
+        const decodedToken = jwt.decode(token, { complete: true });
+        console.log('Decoded JWT:', decodedToken); // Log the decoded JWT for debugging
+
+        // Construct the signed embed URL by appending the JWT and embed parameters
+        const signedEmbedUrl = `${BASE_URL}${EMBED_PATH}?:jwt=${token}&:embed=true`;
+
+        // Log the constructed signed URL
+        console.log('Signed Embed URL:', signedEmbedUrl);
+
+        return signedEmbedUrl; // Return the signed embed URL
+    } catch (error) {
+        // Log any errors that occur during JWT generation
+        console.error("Failed to generate JWT:", error);
+        throw new Error("JWT generation failed"); // Throw an error if JWT generation fails
+    }
+}
+
+// Export the generateSignedUrl function so it can be used in other files
+module.exports = { generateSignedUrl };