JWT param not working on embedded iframe?

Hi, I’m authenticating to searchguard using JWT. Now, when I hit a URL like
http://localhost:9200/app/kibana?jwtparam=xxx

``

Then it actually works, and I seem to be properly authenticated to Kibana. Yay!

However, when I try to embed a dashboard as an iFrame in my site, I also add the jwtparam field to my request, however, the request now takes the following shape:
http://localhost:5601/app/kibana#/dashboard/[dashboard-id]?embed=true&jwtparam=[my_jwt_token]&_g=[kibana’s_parameters_to_the_dashboard]

``

And this tells me that my token is invalid! Boo.

So basically, my jwt token is refused when sent as a parameter to the dashboard. Is this expected behaviour? Is there some kind of workaround? I’m simply trying to embed a dashboard in my site without triggering an obvious sign-on process. Seems like embedding the token in the iFrame’s URL is the way, but I could stick it in the Auth header - or is there something I’m missing?

I should add:

Kibana: 6.4.2-17

Elasticsearch: 6.4.2-23.2

Help with this would be greatly appreciated!

Any guidance on this would be great - does the following link apply to my question too?

https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topic/search-guard/j7Jj279_3fk

Seems to do the trick! So I just had to put the jwtparam on the app/kibana section of the URL, now auth is apparently fine!

It seems I got lucky as all hell?

http://localhost:5601/app/kibana?jwtparam=[my_jwt_token]#/dashboard/[dashboard-id]?embed=true&_g=[kibana’s_parameters_to_the_dashboard]