@DylanM
Here’s how my JavaScript is structured.
<div id="experience-container"></div>
async function embedQSearchBar() {
const { createEmbeddingContext } = QuickSightEmbedding;
const embeddingQContext = await createEmbeddingContext({
onChange: (changeEvent, metadata) => {
console.log('Context received a change', changeEvent, metadata);
},
});
const frameOptions = {
url: embed_url, // replace this value with the url generated via embedding API
container: '#experience-container',
height: "100%",
width: "100%",
onChange: (changeEvent, metadata) => {
switch (changeEvent.eventName) {
case 'FRAME_MOUNTED': {
console.log("Do something when the experience frame is mounted.");
break;
}
case 'FRAME_LOADED': {
console.log("Do something when the experience frame is loaded.");
break;
}
}
},
};
const embeddedDashboardExperience = await embeddingQContext.embedQSearchBar(frameOptions);
}
For generating URLs, I utilize Cognito user.
import { CognitoIdentityProviderClient, AdminInitiateAuthCommand, AdminGetUserCommand} from "@aws-sdk/client-cognito-identity-provider";
import { CognitoIdentityClient, GetOpenIdTokenCommand, GetIdCommand } from "@aws-sdk/client-cognito-identity";
import { STSClient, AssumeRoleWithWebIdentityCommand } from "@aws-sdk/client-sts";
import { QuickSightClient, GetDashboardEmbedUrlCommand, RegisterUserCommand, GenerateEmbedUrlForRegisteredUserCommand } from "@aws-sdk/client-quicksight";
const getQEmbedUrl = async (clientQuicksight, topicId = "*********") => {
const getQSearchBarParams = {
"AwsAccountId": "178*******",
"ExperienceConfiguration": {
"QSearchBar": {
"InitialTopicId": topicId
}
},
"UserArn": "arn:aws:quicksight:us-east-1:*********:user/default/QuickSightEmbeddingCognito-CognitoAuthorizedRole-*********/unique-session-identifier"
};
const command = new GenerateEmbedUrlForRegisteredUserCommand(getQSearchBarParams);
const responseClient = await clientQuicksight.send(command);
const result = {
statusCode: 200,
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "Content-Type",
},
body: JSON.stringify(responseClient),
isBase64Encoded: false,
};
return result;
};
export const handler = async (event) => {
const queryParams = event.queryStringParameters;
const config = {region: 'us-west-2'};
const clientCognitoIdentityProvider = new CognitoIdentityProviderClient(config);
const clientCognitoIdentity = new CognitoIdentityClient(config);
const clientStsClient = new STSClient(config);
const input = {
AuthFlow: "ADMIN_NO_SRP_AUTH",
ClientId: "*********",
UserPoolId: "us-west-2*********",
AuthParameters: {
USERNAME : "*********",
PASSWORD: "*********@*********"
}
}
// Authenticate Cognito User
const command = new AdminInitiateAuthCommand (input);
const authResult = await clientCognitoIdentityProvider.send(command);
const inputGetId = {
AccountId: '*********',
IdentityPoolId: "us-west-2:*********",
Logins: {
"cognito-idp.us-west-2.amazonaws.com/*********" : authResult.AuthenticationResult.IdToken
}
};
const commandGetId = new GetIdCommand(inputGetId);
const identityResult = await clientCognitoIdentity.send(commandGetId);
const inputGetOpenIdToken= {
IdentityId : identityResult.IdentityId,
Logins: {
"cognito-idp.us-west-2.amazonaws.com/*********" : authResult.AuthenticationResult.IdToken
}
}
const commandGetOpenIdToken = new GetOpenIdTokenCommand(inputGetOpenIdToken);
const openIdResult = await clientCognitoIdentity.send(commandGetOpenIdToken);
const inputAssumeRole = {
RoleArn: "arn:aws:iam::*********:role/*********-*********-*********", // required
RoleSessionName: "unique-session-identifier", // required
WebIdentityToken: openIdResult.Token,
}
// Assume role
const commandAssumeRole = new AssumeRoleWithWebIdentityCommand(inputAssumeRole);
const assumeRole = await clientStsClient.send(commandAssumeRole);
const clientQuicksight = new QuickSightClient({
region: 'us-west-2',
credentails: {
accessKeyId: assumeRole.Credentials.AccessKeyId,
secretAccessKey: assumeRole.Credentials.SecretAccessKey,
sessionToken: assumeRole.Credentials.SessionToken,
expiration: assumeRole.Credentials.Expiration
}
});
return getQEmbedUrl(clientQuicksight, queryParams.topicId);
};
Additional Details:
- I have tested both v2.5 and v2.6 of the quicksight sdk library.
- I have tried another cognito user
- I have checked role permission and quicksight permission(Reader, domain, embed)