Myles Loffler
TFDThoughtSpot For Developers
•Created by Murali Krishna on 7/31/2024 in #dev-help
Hello team, This is Murali from Virsec.
@Sandeep, our update was applied last night and seems to have resolved the issue for us. Thanks!
19 replies
TFDThoughtSpot For Developers
•Created by Murali Krishna on 7/31/2024 in #dev-help
Hello team, This is Murali from Virsec.
@Sandeep, we have an update scheduled. I will follow up when we know the results.
19 replies
TFDThoughtSpot For Developers
•Created by Murali Krishna on 7/31/2024 in #dev-help
Hello team, This is Murali from Virsec.
Thanks for digging into that for us, @Sandeep. I will do that.
19 replies
TFDThoughtSpot For Developers
•Created by Murali Krishna on 7/31/2024 in #dev-help
Hello team, This is Murali from Virsec.
Roughly when could we expect those changes? If there's nothing you can share, I undertand. Anything you do share I'm not going to take as a commitment, just hoping to be able to share something with my team.
19 replies
TFDThoughtSpot For Developers
•Created by Murali Krishna on 7/31/2024 in #dev-help
Hello team, This is Murali from Virsec.
19 replies
TFDThoughtSpot For Developers
•Created by Murali Krishna on 7/31/2024 in #dev-help
Hello team, This is Murali from Virsec.
One last thing I just noticed: this might be dependent on the browser in use.
I typically use Chrome (currently 126.0.6478.127). I DO NOT seem to be experiencing the same behavior with Firefox (currenty 128.0) and it IS NOT sending the
JSESSIONID cookie in either case.
Inspecting browser storage, Firefox seems to be isolating the JSESSIONID cookie differently. It is not visible in the cookies from my application URL in Firefox, but it is listed in Chrome.19 replies
TFDThoughtSpot For Developers
•Created by Murali Krishna on 7/31/2024 in #dev-help
Hello team, This is Murali from Virsec.
I do see a good number of requests being made with the token in either case, but interactions within the embedded application are not associated with the user associated with the token if there is a session with *.thoughtspot.cloud available.
For example, we have a
SearchEmbed and the effect can clearly be seen in the available data points. My admin user has more access and can see data points the app user cannot.
If I'm logged in, I see those datapoints in the SearchEmbed. If I'm logged out, the application authorization is used as expected and they are not available.e19 replies
TFDThoughtSpot For Developers
•Created by Murali Krishna on 7/31/2024 in #dev-help
Hello team, This is Murali from Virsec.
👋 Hey there, I'm not Murali, but my team has a similar use case and experiences the same behavior.
We use
AuthType.TrustedAuthTokenCookieless and if we're signed in to our *.thoughtspot.cloud domain when accessing our app (which creates users for itself), that user is preferred to the cookie auth.
We've worked around this so far by logging out, using a private window, or another browser, but that's a stopgap and prone to confusion. I've been meaning to ask this same question.
For a little more context:
- The SDK is requesting tokens
- The document request for the embedding includes a JSESSIONID and a clientId cookie if logged in at *.thoughtspot.cloud and only clientId if not logged in.
- In both cases, the parameters sent with the reques tinclude: authType: AuthServerCookieless19 replies