qs-jwt: A new open source tool for creating JWTs

mountaindude — Tue, 22 Mar 2022 12:53:40 GMT

Edit:

A few days ago qs-jwt 1.10.0 was released.
The main new feature is support for QS Cloud JWTs.

With this version it's now very easy to automate JWT creation for both QS Cloud and client-managed Qlik Sense, for example when short lived credentials (in the form of JWTs) should be created as part of a CI/CD pipeline or to give some third party system time-limited access to QS.

qs-jwt is still open source and free to use, of course.
Latest version available here.

--------------

tl;dr

qs-jwt is a cross platform, open source tool that makes it trivial to create JSON Web Tokens (JWTs) from the command line.
In this first version JWTs for client-managed Qlik Sense (on Windows) can be created.
Windows, Linux and macOS versions of the tool are available from https://github.com/ptarmiganlabs/qs-jwt

Long version

JWTs are an excellent, well established way to provide authenticated access to APIs.

With client-managed Qlik Sense (=QSEoW) certificates provide very flexible authentication, but therein also lies a problem: With certificate access to Sense APIs the calling system can impersonate any user, which is less than ideal from a security point of view.

There are some good posts on qlik.dev around JWTs. Both how to create them and how to set up virtual proxies to work with JWTs.

I however still felt the whole process of creating JWTs was too manual.
And not at all suited for production grade use in CI/CD pipelines etc.

So... enter qs-jwt.
https://github.com/ptarmiganlabs/qs-jwt

It's cross platform (Win, macOs, Linux).
It's a single binary, no installation needed. Just download and run.
It is specifically created to be easy to use in automation scripts and Continuous Integration (CI) pipelines.
It can create JWTs for client-managed Qlik Sense. Qlik Cloud support is around the corner.
It creates JWTs that embed both user identify and any other metadata than can be expressed in string format.
It places an expiry time in the JWT, making the JWT useless after that moment.
It can use an existing set of private key/certificate, or create new ones.
The macOS binary is signed by Apple. A signed Windows binary just might be coming too..
It has an easy to understand, permissive MIT open source license.

Enjoy!

Re: qs-jwt: A new open source tool for creating JWTs

rzenere_avvale — Tue, 15 Mar 2022 13:03:59 GMT

Seems really interesting, I'll give it a good try. Thanks @mountaindude !

Riccardo

topic Re: qs-jwt: A new open source tool for creating JWTs in Integration, Extension & APIs

qs-jwt: A new open source tool for creating JWTs

Re: qs-jwt: A new open source tool for creating JWTs