feat: add examples for JWT embeds

Author: HiranmayaGundu

.gitignore

@@ -0,0 +1 @@
+node_modules/

go/go.mod

@@ -0,0 +1,5 @@
+module embed-signing-packages/go
+
+go 1.22.5
+
+require github.com/golang-jwt/jwt/v5 v5.2.2 // indirect

go/go.sum

@@ -0,0 +1,2 @@
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=

go/signing.go

@@ -9,6 +9,8 @@ import (
 	"math/rand"
 	"strings"
 	"time"
+
+	"github.com/golang-jwt/jwt/v5"
 )
 
 // Replace with your own values
@@ -18,6 +20,29 @@ const (
 	embedSecret = "your secret here"
 )
 
+func generateJWTEmbedURl() string {
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"sub":          "xyz@xyz.com",
+		"jti":          fmt.Sprintf("%x", rand.Int63()),
+		"iat":          time.Now().Unix(),
+		"exp":          time.Now().Add(time.Hour * 1).Unix(),
+		"iss":          clientID,
+		"ver":          "1.1",
+		"aud":          "sigmacomputing",
+		"teams":        [...]string{"EmbedTeam"},
+		"account_type": "Pro",
+	})
+
+	tokenString, err := token.SignedString([]byte(embedSecret))
+
+	if err != nil {
+		panic(err)
+	}
+
+	url := fmt.Sprintf("https://app.sigmacomputing.com/<your org>/<your workbook>?:embed=true&:jwt=%s", tokenString)
+	return url
+}
+
 func myQuote(val string) string {
 	val = strings.ReplaceAll(val, " ", "%20")
 	return val
@@ -31,7 +56,7 @@ func urlencode(pairs map[string]interface{}) string {
 	return strings.Join(encodedParams, "&")
 }
 
-func main() {
+func secureEmbedUrl() string {
 	params := map[string]interface{}{
 		":nonce":              fmt.Sprintf("%x", rand.Int63()),
 		":email":              "xyz@xyz.com",
@@ -54,5 +79,14 @@ func main() {
 
 	urlWithSignature := urlWithParams + "&" + urlencode(map[string]interface{}{":signature": signature})
 
-	fmt.Println(urlWithSignature)
+	return urlWithSignature
+}
+
+func main() {
+	fmt.Println("=========JWT Embed URL=========")
+	fmt.Println(generateJWTEmbedURl())
+	fmt.Println("==================================")
+	fmt.Println("=========Secure Embed URL=========")
+	fmt.Println(secureEmbedUrl())
+	fmt.Println("==================================")
 }

node/package-lock.json

@@ -0,0 +1,28 @@
+{
+  "name": "embed-signing-package",
+  "version": "1.0.0",
+  "description": "Example functions to sign Sigma embed urls ",
+  "main": "signing.js",
+  "scripts": {
+    "start": "node signing.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sigmacomputing/embed-signing-packages.git#main"
+  },
+  "keywords": [
+    "Sigma",
+    "Embed",
+    "Secure",
+    "Embeds"
+  ],
+  "author": "",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/sigmacomputing/embed-signing-packages/issues"
+  },
+  "homepage": "https://github.com/sigmacomputing/embed-signing-packages/tree/main#readme",
+  "dependencies": {
+    "jsonwebtoken": "^9.0.2"
+  }
+}

node/package.json

@@ -1,10 +1,11 @@
-const crypto = require('crypto');
-const { URLSearchParams } = require('url');
+const crypto = require("crypto");
+const { URLSearchParams } = require("url");
+const jwt = require("jsonwebtoken");
 
 // Replace with your own values
-const EMBED_PATH   = "your path here"
-const CLIENT_ID    = "your clientid here"
-const EMBED_SECRET = "your secret here"
+const EMBED_PATH = "your path here";
+const CLIENT_ID = "your clientid here";
+const EMBED_SECRET = "your secret here";
 
 function urlencode(pairs) {
   const params = new URLSearchParams();
@@ -14,25 +15,66 @@ function urlencode(pairs) {
   return params.toString();
 }
 
-const params = {
-  ":nonce": crypto.randomBytes(16).toString('hex'),
-  ":email": "xyz@xyz.com",
-  ":external_user_id": "xyz@xyz.com",
-  ":client_id": CLIENT_ID,
-  ":time": Math.floor(new Date().getTime() / 1000),
-  ":session_length": 3600,
-  ":mode": "view",
-  ":external_user_team": "EmbedTeam",
-  // custom controls/parameters
-  // "Store-Region": "West",
-};
+function generateSignedEmbedUrl() {
+  const params = {
+    ":nonce": crypto.randomBytes(16).toString("hex"),
+    ":email": "xyz@xyz.com",
+    ":external_user_id": "xyz@xyz.com",
+    ":client_id": CLIENT_ID,
+    ":time": Math.floor(new Date().getTime() / 1000),
+    ":session_length": 3600,
+    ":mode": "view",
+    ":external_user_team": "EmbedTeam",
+    // custom controls/parameters
+    // "Store-Region": "West",
+  };
 
-const urlWithParams = `${EMBED_PATH}?${urlencode(params)}`;
+  const urlWithParams = `${EMBED_PATH}?${urlencode(params)}`;
 
-const signature = crypto.createHmac('sha256', Buffer.from(EMBED_SECRET, 'utf8'))
-  .update(Buffer.from(urlWithParams, 'utf8'))
-  .digest('hex');
+  const signature = crypto
+    .createHmac("sha256", Buffer.from(EMBED_SECRET, "utf8"))
+    .update(Buffer.from(urlWithParams, "utf8"))
+    .digest("hex");
 
-const urlWithSignature = `${urlWithParams}&:signature=${signature}`;
+  const urlWithSignature = `${urlWithParams}&:signature=${signature}`;
+  return urlWithSignature;
+}
+
+function generateJwtEmbedUrl() {
+  const payload = {
+    iss: CLIENT_ID,
+    sub: "xyz@xyz.com",
+    aud: "sigmacomputing",
+    jti: crypto.randomBytes(16).toString("hex"),
+    ver: "1.1",
+    iat: Math.floor(new Date().getTime() / 1000),
+    exp: Math.floor(new Date().getTime() / 1000) + 3600,
+    teams: ["EmbedTeam"],
+    account_type: "Pro",
+  };
+
+  const token = jwt.sign(payload, EMBED_SECRET, {
+    algorithm: "HS256",
+    keyid: CLIENT_ID,
+  });
+  const urlWithToken = `https://app.sigmacomputing.com/<your org>/<your workbook>?:embed=true&:jwt=${token}`;
+  return urlWithToken;
+}
+
+function main() {
+  const jwtUrl = generateJwtEmbedUrl();
+  console.log(
+    `===========JWT Embed URL============
+    ${jwtUrl}
+    ==========================================`
+  );
+
+  const urlWithSignature = generateSignedEmbedUrl();
+  console.log(
+    `===========Signed Embed URL============
+    ${urlWithSignature}
+    ==========================================`
+  );
+}
 
-console.log(urlWithSignature);
+main();