Implement JWT Authorization

Markbhai — Tue, 13 Feb 2024 05:56:40 GMT

Hi Guys,

I am integrating JWT Authentication into my web app. I have successfully obtained a token, and when I attempt to log in using JWT session, I receive a status code of '200'. However, when I try to fetch the CSRF token, it doesn't work and throws a '401 Unauthorized' error. Can anyone clarify this doubt?

const configModule = require("../config/config");

const tokenModule = require("../token/token");

async function auth(req,res) {

const { tenantDomain, qlikWebIntegrationId, appId, currentLoginType, loginTypes } = configModule;

const config = { tenantDomain, qlikWebIntegrationId, appId, currentLoginType, loginTypes };

const token = await tokenModule.generate();

const login = await fetch(

`https://${tenantDomain}/login/jwt-session?qlik-web-integration-id=${qlikWebIntegrationId}`,

{

method: "POST",

credentials: "include",

mode: "cors",

headers: {

"content-type": "application/json",

Authorization: `Bearer ${token}`,

"qlik-web-integration-id": qlikWebIntegrationId

rejectunAuthorized: false

}

);

const csrfTokenInfo = await (await fetch(

`https://${tenantDomain}/api/v1/csrf-token?qlik-web-integration-id=${qlikWebIntegrationId}`,

{

credentials: "include",

headers: {

"Qlik-Web-Integration-ID": qlikWebIntegrationId

}

));

return { config, csrfTokenInfo }

}

module.exports = {auth};

Re: Implement JWT Authorization

pperdigo — Tue, 05 Mar 2024 12:22:59 GMT

Check if session cookies are set after the login/jwt-session call, maybe you have 3rd-party-cookies blocked on your browser.

Re: Implement JWT Authorization

dcandyalex — Tue, 05 Mar 2024 15:47:26 GMT

Hi Markbhai

A 401 Error in this case is due to you not being authorised to make that csrf-token fetch request. If you are doing this in the front-end they should be present but check as @pperdigo suggested. If they are missing you could set the cookies in the subsequent call and then Qlik will think you're authorised and you should get a 200 or 204

Hope this helps

topic Re: Implement JWT Authorization in Qlik Automate

Implement JWT Authorization

Re: Implement JWT Authorization

Re: Implement JWT Authorization