topic Re: Authentication from a Mashup page against a SaaS Qlik Sense account in Integration, Extension & APIs

Authentication from a Mashup page against a SaaS Qlik Sense account

Umbi — Thu, 09 Sep 2021 16:22:25 GMT

Hello there,

I am trying to resolve an authentication issue in a Mashup SaaS environment.

The idea is that the WEB Page which includes some objects from a app located in a SaaS Qlik Sense account, should authenticate automatically against Qlik Sense. This should be possible as per following link:

https://help.qlik.com/en-US/sense-developer/June2020/Subsystems/Mashups/Content/Sense_Mashups/mashups-authentication-cloud.htm

The Mashup page works fine if I am logged into SaaS Qlik Sense, but as soon as I log out the mash up page returns the following:

{"errors":[{"title":"Illegal returnto value","code":"LOGIN-8","status":"401"}],"traceId":"00000000000000007fd44c6992f8d054"}

Not sure if anybody has tried that already?

I suspect the problem is in Qlik Sense help code provided is where to pass the credentials.

I think that is a very tricky bit which could create security issues.

IAccording to the code in the help:

//Check to see if logged in
return await fetch(`${urlQlikServer}${urlLoggedIn}`, {
credentials: 'include',
headers: {
'Qlik-Web-Integration-ID':webIntegrationId
}
})

what is 'include' exactly?!

Please help if you have any clue!

Thanks,

Umberto

Re: Authentication from a Mashup page against a SaaS Qlik Sense account

linnakry — Fri, 19 Aug 2022 09:00:14 GMT

@Umbi Did you manage to solve this? I am having the same problem with /login/jwt-session.

Re: Authentication from a Mashup page against a SaaS Qlik Sense account

stefanstoichev123 — Fri, 19 Aug 2022 09:23:51 GMT

credentials: 'include'

Instructs fetch to send the stored cookies for the request site. More on include option

Regarding the issue. Any chance your browser is set to not send third-party cookies?

Stefan

Re: Authentication from a Mashup page against a SaaS Qlik Sense account

linnakry — Fri, 19 Aug 2022 09:31:28 GMT

@stefanstoichev123 : my fetch requests include credentials: 'include' & the browser is set to allow third party cookies too. It seem that require.js was redirecting to window.location but maybe it is missing qlik-web-integration-id? I am not so sure. Below is from require.js.

try {
const [e,t] = await Promise.all([i().get(`${o.Z.rootPath}api/v1/users/me`), i().get(`${o.Z.rootPath}api/v1/claims/me`)]);
a = e.data,
a.roles = [...t.data.roles]
} catch (t) {
var e;
i().isAxiosError(t) && 401 === (null === (e = t.response) || void 0 === e ? void 0 : e.status) && window.location.replace(`${o.Z.rootPath}login?returnto=${window.location}`)
}

Re: Authentication from a Mashup page against a SaaS Qlik Sense account

linnakry — Mon, 29 Aug 2022 07:37:47 GMT

The problem was that there was another code requesting require.js just after the user authentication. The user authentication hasn't been finished yet and then require.js runs which causes the error.

The solution is to wait until the user authentication is completed before requesting require.js from Qlik.