When working with embedded Miro boards, it is important that users work with their own authentication. This ensures that access and content management remain consistent, and avoids creating permissions gaps.
Currently, there is no API for developers to authenticate users in Embed. Instead, Miro handles the authentication via 3rd-party cookies, and the embedded board reflects the access level of the Miro board. For example, if a user has
view access to a Miro board, then they will have
view access on that embedded board.
A user may be prompted to sign-in to Miro in the following cases:
- via a sign-in button on an embedded board
- when opening the
In both cases, the Miro sign-in page is opened. The page can be opened in a new tab, in a new browser window, or in a pop-up. The Miro sign-in page cannot be opened in an iframe, as a security precaution.
After the user authentication via the Miro interface is completed, an authentication cookie will be added to the browser's local storage and the user will be redirected back to the previous window.
Sometimes users work in environments where 3rd-party cookies are blocked or are not shared with the targeted iframe, such as with incognito browsers, WebViews, or Electron apps.
In this case, the Miro authentication mechanism should automatically recognize the situation and use a
POST message to share the authentication cookie directly with the iframe. For this to succeed,
POST messages must be enabled within the application where the iframe sits (e.g. within your Electron App).
If you want to force
POST-message-based authentication, please add the
usePostAuth=true URL parameter to your embed URL.
Updated 13 days ago