Boards picker for unregistered users "This board is private" issue.

  • 6 June 2023
  • 7 replies
  • 70 views
Alexander Akhtyrtsev
Badge +1

Hello there,

Having a problem with embedding Miro inside another iframe.
It says “This is a private board”.
I’ve submited the form to get access to boards picker component according to documentation.


Here is the code:

miroBoardsPicker.open({
            clientId: clientId,
            action: 'access-link',

            allowCreateAnonymousBoards: true,
            getToken: async () => axios.post('/obtain-jwt').then(r => r.data),

            error: e => { console.log('on error', e) },
            cancel: () => { console.log('on cancel') },

            success: async function (result) {
                console.log(result)

                window.open(result.accessLink)
            },
        })
 

It works well upon opening the access link in the separate window via window.open()
Access Link example: https://miro.com/app/live-embed/uXjVMBMXOW0=/?boardAccessToken=5GDDy0S9quNzU4zH3U4jtsktWiJbpgKV&autoplay=true

However inside iframe some XHR requests falling with 403 error.



​​​​​


I noticed, that in requests which failing with 403 error, there is header absent X-Access-Link for some reason. But this header is present when link has been opening via window.open() call.
 

 

 



 

7 replies

Josip Janzic
Rank
Userlevel 2
Badge +1

Hi @Alexander Akhtyrtsev, this might be because you web browser is configured to block third-party cookies. You will need to sign in each time that you want to access the board. See the authentication docs.

Could you try opening the iframe in a different browser, to see if that’s the issue?

Alexander Akhtyrtsev
Badge +1

@Josip Janzic I believe it is not a browser issue as it works the same way in different browsers.
Third-party cookies are allowed. 
If I got board access token, why do I need to be authenticated again?
https://miro.com/app/live-embed/uXjVMBMXOW0=/?boardAccessToken=5GDDy0S9quNzU4zH3U4jtsktWiJbpgKV&autoplay=true
Also, according to documentation live embed for unregistered users, we don’t need to generate token for each user

Josip Janzic
Rank
Userlevel 2
Badge +1

If the board picker user already has a Miro account then the url in in iframe should not contain the boardAccessToken parameter (in that case you don’t need to use the accessLink url). Could you try embedding the board in iframe with just https://miro.com/app/live-embed/uXjVMBMXOW0= (without boardAccessToken)?

Alexander Akhtyrtsev
Badge +1

@Josip Janzic The purpose is creating and using anonymous boards for unregistered users.
The same code works perfectly for signed-in users.
If not to provide board access token even for registered user, the issue also appears.

Josip Janzic
Rank
Userlevel 2
Badge +1

It might also be due to the fact that accessLink can only be used once, so if you are using window.open the first time that you receive the accessLink in success callba then it won’t be possible to use it again inside an iframe.

These links also can’t be shared between different users, so for each user you’ll need to generate a new accessLink.

Does this help?

Alexander Akhtyrtsev
Badge +1

@Josip Janzic The issue has been resolved by adding whitelisted domains.
Thank you for help.

Alexander Akhtyrtsev
Badge +1

Actually the access link is reusable for different users. It worked on my side, every user who had access link with token also had access to newly created anonyous board.

Reply


Terms & Conditions