Google Data Studio Community Connector: Accessing URL Parameters in App Script

Question

I am following the Row level filtering with Embedded dashboards tutorial to build a secure, multi-tenant dashboard using Data Studio as the reporting UI/backend (and Anvil as the front-end in Python), with the aim of filtering data from a BigQuery table based on specific user permisisons.

I have completed the initial connector tutorial successfully as recommended. So far I have also completed the following steps (1-4) successfully:

1. Build user authentication in Anvil and set permissions in user table (JSON containing specific field values each user is permitted to view)
2. Build mechanism to create access_token in Anvil, based on hex md5 hash of a combination of user and unix timestamp, with one hour expiry
3. Set and store app_secret securely in Anvil to authenticate inbound requests
4. Create API endpoint in Anvil which validates the app_secret and validates access_token and returns JSON containing user_email and permitted_accounts

Now I've got to the point of building the custom connector, with the aim of building the next part of the flow:

5. Pass access_token to Data Studio by encoding and including it in the embed URL (the report will be embedded via an iFrame) as per this section
6. Extract access_token from embed URL in App Script as per the statement "This will be used to capture a token from embed URL's parameters." from this section
7. Hit the API endpoint with the app_secret and access_token from App Script to validate and receive the user permissions associated with the access_token IF validation checks pass in Anvil, otherwise return appropriate error message
8. Construct query based on user permissions and get data from BigQuery using this approach ... then set schema etc...

However, upon reaching step 6 in this flow where I need to parse the access_token from the URL, the code included in the Write the Connector Code section takes the token as a user-inputted text field and does not take it from the embed URL's parameters (which to me makes no sense as making a user continually manually transpose a short-lived token seems to negate the point of this exercise).

I am also unable to find documentation in the API reference on how to achieve this.

PLEASE, does anybody know how to capture parameters from Report Embed URLs in an App Script Community Connector? I assumed it was possible from the documentation:

getConfig() should return at least one config item. This will be used to capture a token from embed URL's parameters.

Thank you for taking the time!

Answer 1

a. I'm assuming access_token is an overridable config parameter in your getConfig .

b. When you create the initial report, during the data source creation, you can put in any value in access_token config field. However, check the box to 'Allow "access_token" to be modified in reports'. That means, report viewers will be able to override this value even though they do not have edit access to the report or the data source.

c. Confirm that your setp #5 is following the instructions here to pass the override value for access_token .

d. That's it. Now it is irrelevant what value you put in for access_token during initial report creation. For user X, your portal was pass the value hash(user, timestamp) as the value for access_token . In your connector's getData function, request.configParams.access_token will return that specific value. You can then call your endpoint with that value to get back the user identity.