
This solution is summarized from an archived support forum post. This information may have changed. If you notice an error, please let us know in Discord.

Embedded app with Cookie header doesn’t propagate cookies to Authenticated API

Issue

I am embedding an Appsmith app within my Product A and using my own authentication method. I need the Appsmith app to perform requests to my API with the parent A user's Cookie header, which includes both sessions. However, the Cookie header is not currently being forwarded by Appsmith's backend. I will discuss this issue on the open feature request on GitHub.

Resolution

For the embedded Appsmith app to call an authenticated API while relying on a custom authentication method, its requests would need to forward the Cookie header that contains both Appsmith's and Product A's sessions. Appsmith's backend does not currently send cookies with requests sent from Appsmith, but there is an open feature request for this. The user should leave a comment on that request with their use case to help prioritize the issue.

Until the feature is implemented, a workaround could be to manually pass the necessary authentication information (such as a token) in the HTTP headers of the Appsmith app's authenticated API datasource and queries. This would require modifying the authentication logic in both the Appsmith app and the Product A API to ensure that they can communicate with one another.

Alternatively, the user could consider using a different authentication method that is compatible with both Appsmith and their Product A API, such as OAuth or JWT. This would eliminate the need for custom header logic and improve security overall.
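
The Product A side of the header-token workaround described above, as an added example that is not Appsmith's code or part of the original forum post. The function names, the HMAC-signed token format (a simple signed token, not a JWT), the 300-second lifetime and the `Authorization: Bearer` header are assumptions for illustration.

```javascript
// Added example: Product A mints a short-lived token from its own validated
// session and its API verifies that token instead of the Cookie header.
const crypto = require('node:crypto');

// Assumption: a secret held only by Product A's backend (generated here for the demo).
const SECRET = crypto.randomBytes(32);
const TTL_SECONDS = 300; // a short lifetime limits the value of a leaked token

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const sign = (payload) => crypto.createHmac('sha256', SECRET).update(payload).digest();

// Called by Product A after it has validated the user's own session cookie.
// The embedded app then sends the result as "Authorization: Bearer <token>".
function mintEmbedToken(userId, now = Date.now()) {
  const claims = { sub: userId, exp: Math.floor(now / 1000) + TTL_SECONDS };
  const payload = b64u(JSON.stringify(claims));
  return `${payload}.${b64u(sign(payload))}`;
}

// Called by Product A's API on each request from the embedded app.
// Returns the user id, or null when the header is missing, forged or expired.
function verifyEmbedToken(authorizationHeader, now = Date.now()) {
  const match = /^Bearer ([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$/.exec(authorizationHeader || '');
  if (!match) return null;
  const [, payload, mac] = match;
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.sub !== 'string' || typeof claims.exp !== 'number') return null;
  return claims.exp > Math.floor(now / 1000) ? claims.sub : null;
}
```

The signature is checked before the payload is parsed, so unauthenticated input never reaches `JSON.parse`.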