Architecture overview
LP Analytics dashboards can be shared with a third party application via an embeddable link.
This link is secured with a web token. A web token carries information about:
- The authorization to access the dashboard (if the token used in the link is not valid, the dashboard will not be displayed)
- An optional payload to filter the dashboard
- An optional expiration date for the link
By default the link shared from the Analytics UI is permissive. It does not carry any additional payload and never expires.
Generate custom tokens
The third party application can generate a more restrictive token for its users by setting:
- An expiry date for the link. The same link used in the future will not allow access to the dashboard past the expiration date
- A filter on the dashboard data: The link can only be used to access a specific subset of the data
Embedded dashboards
The link to the dashboard is completed with the obtained JWT and can be used as a link or in an iframe.
https://insights.learningpool.com/contexts/<context id>/shared/<JWT>
Expiration example
To give access to a dashboard for the rest of the year 2023, use the unix timestamp 1704067200
“Exp”: 1704067200
Dashboard filter example
The model we use contains a table xapi_verbs which contains a field verb_name.
If we want to share the dashboard with a filter on that field predefined to a specific value (e.g. completed), we need to provide this token:
"dashboardFilter" :[
{"jaql": {
"table": "xapi_verbs",
"column": "verb_name",
"dim": "[xapi_verbs.verb_name]",
"datatype": "text",
"merged": true,
"collapsed": true,
"title": "verb_name",
"filter": {
"members": ["completed"]
}}
}
]
🔗Dashboard link containing a custom dashboard filter
Note that users can still change the filter and access the full dataset.
Model filter example
To restrict access to a specific subset of data, a model filter needs to be used
"dataModelFilter":[
{
"datasourceTitle":"xAPI Analytics - Demo",
"table": "xapi_verbs",
"column": "verb_name",
"allMembers":null,
"datatype": "text",
"members": ["attempted", "completed"],
"exclusionary":false
}]
🔗Dashboard link containing a custom model filter
In this example the data access is restricted. The user cannot access the wider dataset.
The two types of filters can be combined to restrict the access to a subset AND initialise a filter on the subset
🔗Dashboard link combining the two types of filters
Users can change the filter but can only see the permitted subset.
Additional resources
Manual JWT generation: https://jwt.io/
JWT generation libraries
- Python: https://pypi.org/project/Authlib/
- .Net: https://www.nuget.org/packages/jose-jwt/
- Java: https://connect2id.com/products/nimbus-jose-jwt
- Node.js: https://www.npmjs.com/package/node-jose