topic Re: Qlik Cloud login API not working in Integration, Extension & APIs

Qlik Cloud login API not working

master_t — Thu, 05 Oct 2023 10:04:32 GMT

Hello fellow devs

I'm trying to invoke the

/login/jwt-session

API in Qlik Cloud to get an authentication cookie, like described here:

https://qlik.dev/apis/rest/login#%23%2Fentries%2Flogin%2Fjwt-session-post

However, I'm receiving the following error every time:

{ "errors": [ { "title": "Invalid token request", "detail": "JWT_LOGIN_VALIDATIONS Missing required claim: jti", "code": "INTERNAL-TOKEN-1", "status": "400" } ], "traceId": "0000000000000000bbbff3e0123f1a09" }

The server is telling me that the "jti" claim is missing, however this is false. I've decoded the JWT token that I'm sending and, as you can see, all the required claims are there, including "jti":

The jti claim is a GUID that I'm generating randomly every time.

Can anyone tell me what I'm doing wrong here?

Re: Qlik Cloud login API not working

Øystein_Kolsrud — Thu, 05 Oct 2023 10:43:51 GMT

Looking at the logs for that trace ID it seems you are calling the jwt-session with an argument that it looks like is containing your JWT. Is that correct? I believe the JWT should be passed in the authorization header of the call.

Re: Qlik Cloud login API not working

Damien_V — Thu, 05 Oct 2023 10:44:29 GMT

I might be wrong but if I remember correctly Qlik Cloud expects the "jti" claim in the JWT header and not in the JWT payload.

Re: Qlik Cloud login API not working

master_t — Thu, 05 Oct 2023 12:11:32 GMT

@Damien_V : I've added jti to the header:

But I get the same error

@Øystein_Kolsrud I'm passing the JWT token via the Authorization attribute, with the usual "Bearer XXX" syntax, where XXX is the token. I was doing some testing with different parameters so maybe that log is not indicative, would you be so kind to check this trace id:

000000000000000075caa0309fa9b57d

this I've just made, with no parameters in the URL, just the bearer token, with the jti value also added to the header.

Re: Qlik Cloud login API not working

Øystein_Kolsrud — Thu, 05 Oct 2023 14:56:30 GMT

I can confirm that I don't see the parameter for that trace ID. I can't really tell you what is wrong with your setup, but if you would like to test if your JWT is correct, then you could try out this example:

https://github.com/kolsrud/qlik_rest_sdk/blob/master/Qlik.Sense.RestClient/Examples/QcsConnectJwt/Program.cs

Just replace the jwt passed to the method AsJsonWebTokenViaQcs with the one you generate and see if you can connect. If you can't then you'll know there's something wrong with your JWT generation, but if you can connect with that one, then you'll know your problem is with how you pass the JWT to QCS.

Re: Qlik Cloud login API not working

Damien_V — Fri, 06 Oct 2023 00:48:35 GMT

@master_t

Ok, I double-checked and you're right, jti is in the payload.

I compared with my own JWT token and the only difference I see is the algorithm which is not the same.
You're using RS512 and I use RS256

Can you try with RS256 and see if that works or not?

Re: Qlik Cloud login API not working

master_t — Fri, 06 Oct 2023 08:22:04 GMT

@Damien_V I've switched to RS256, but same result. You can check it on trace ID

0000000000000000027705fba6143e20

@Øystein_Kolsrud the token works, I know because in the same application I am using it to access the QS Engine, like this:

var cloudLocation = QcsLocation.FromUri(uri); cloudLocation.AsJwt(token);

and it doesn't give me any issues, it connects and I can get data from apps and all the rest.

Here is the full request I'm sending, if it is any help:

Request Headers Content-Type: application/json Authorization: Bearer eyJhbGciOi... User-Agent: PostmanRuntime/7.33.0 Accept: */* Postman-Token: e5238ab3-61bc-4724-978c-7610a34f2c6e Host: xxxxxxxx.eu.qlikcloud.com Accept-Encoding: gzip, deflate, br Connection: keep-alive Content-Length: 2 Request Body {}

Re: Qlik Cloud login API not working

master_t — Fri, 06 Oct 2023 08:40:08 GMT

Ok, I found the issue: the variable I was using in Postman to pass the token was being overridden, so I wasn't sending the correct value. Sorry for wasting your time guys, and thanks for the support.