JSON web token claims reference
When creating a secure embed, use these claims in the construction of the JWT to pass information in your embed URL.
| Claim name | Required? | Claim description | Type |
|---|---|---|---|
sub | Required | The email address of the user logging in. | string |
jti | Required | JWT ID. A unique ID associated with the session. | string |
iat | Required | Issued at time, as number of seconds from epoch. | number |
exp | Required | Expired at time, as number of seconds from epoch. Cannot exceed 30 days. | number |
alg | Optional | Must be HS256. Must be in the header, if included. | string |
kid | Required | The embed client ID. Must be in the header. | string |
iss | Optional | The issuer key. Enter the embed client ID. | string |
oauth_token | Optional | Can only be used with ver: "1.1".The OAuth token to use when using organization-level OAuth connections. This token must be encrypted with the embed secret. See Sigma Node.js Embed SDK . This package provides information on how to encrypt your OAuth tokens so that they are compatible with the embed API. | string |
connection_oauth_tokens | Optional | Can only be used with ver: "1.1".Keys are the desired connection IDs and values are encrypted OAuth tokens that the embed user will use to access data for that connection. See Sigma Node.js Embed SDK . This package provides information on how to encrypt your OAuth tokens so that they are compatible with the embed API. | Record<string,string> |
eval_connection_id | Optional | The connection to use instead of the connection that the workbook is associated with. Connection switching is not applicable when using write-back features. | string |
first_name | Optional, affects embed users only. | First name for the embed user. | string |
last_name | Optional, affects embed users only. | Last name for the embed user. | string |
user_attributes | Optional, affects embed users only. | User attributes for the embed user. Pass multiple attributes in this format: {"attribute1":"value1","attribute2":"value2"}. | Record<string,string> |
account_type | Optional, affects embed users only. | Account type for the embed user. When you don't specify an account type, Sigma defaults to the highest account type when assigning values to embed users created through secure embeds. | string |
teams | Optional, affects embed users only. | Teams that the embed user is a part of. Pass multiple teams in this format:["team1", "team2"] | string[] |
ver | Optional | JWT version number. The only accepted values are "1.0" or "1.1". If nothing is provided "1.0" is assumed. | string |
aud | Optional for ver: "1.0", Required for ver: "1.1" | The audience claim. Must be sigmacomputing if using ver: "1.1". Is ignored if using ver: "1.0" | string |
Updated about 11 hours ago