Hi there,
I'm able to generate my Power BI embed tokens successfully. But I'm worried about it's security, let me explain my scenario.
I have an application hosted on app.com, and my service to get token hosted on abc.com. When user logins to app.com, I call my service (hosted on abc.com) to get token and then render my Power BI report.
I see one major issue here. The code to get token is in javascript in app.com. So the user can see what code i'm calling, copy the ajax request URL and say bye bye to my app.
And behind the back the user might be pinging my service URL to get tokens and rendering report without even entering my application.
Can we avoid this scenario?
How to ensure only authenticated users can access my service hosted on abc.com?
How to use my app.com authentication for authenticating my service?
In the above scenario, calls to service hosted on abc.com should fail if the user is not logged in to app.com
In my case app.com is shopify.com.
Sorry to ask a basic question.
Thanks,
Ranbeer