I tried setting "providersType" and "providersName" to "token" and using the keyword "token" instead of "username" and "password", but it returns 400 bad request in the Chrome web console. What are the keywords?
I'm using version 7.10.1 of the stack, Kibana is connected to cloud Elasticsearch hosted by https://elastic.co.
I'm loading dashboards in iFrames. The verification works, but the username and password are available in the HTML code. Using tokens, if possible, will improve security.
I'm using the index.html code from here, but the data object in the big brackets is replaced with the one in the link in the opening post of this topic:
According to the schema here, it should be possible to use tokens:
The fact that it won't improve security, since you'll still have token in this HTML and it's pretty much the same. Not to mention that token is valid for max 1 hour. But why aren't you using usual proxy setup that just stores credentials on the reverse proxy side and credentials are never exposed to the end user?
Also since 7.11 you'll be able to use anonymous access instead of Kibana + reverse proxy.