Automated login when embedding with OAuth2

pperdigo — Tue, 16 Jan 2024 18:59:12 GMT

Hello everyone,

From reading Auth best practices for embedding | Qlik Developer Portal, it is my understanding that the recommended way to achieve silent authentication when embedding Qlik Content into a web-app/SPA is to conform the source and target applications to use the same identity provider.

Now, for whatever reason, say it isn't viable to conform the IdP of the Qlik Tenant to match the one of the web-app. What is the recommended way to perform silent authentication in this scenario?

I've noticed that both the web-app and SPA OAuth2 client application examples on qlik.dev have a step that's a redirect to /login, which I'd like to avoid.

From what I know, an alternative would be the use of JWTs, but I worry about the 3rd party coookie issue.

Any insights or pointers in the right direction would be greatly appreciated. Thank you for your assistance.

Re: Automated login when embedding with OAuth2

jprdonnelly — Thu, 18 Jan 2024 15:03:47 GMT

@pperdigo - Please take a look at these links and see if they can assist:

https://qlik.dev/embed/iframe/authenticate/third-party-cookie-handling-with-embedded-content/

https://community.qlik.com/t5/Official-Support-Articles/Need-to-Know-Embedding-Qlik-Analytics-and-the-End-of-Third-Party/ta-p/2158755

Our product teams are dedicated to evolving with the behavior and requirements of modern browsers, please stay tuned as they continue to innovate around embedding by following along at https://qlik.dev/changelog/

Cheers!

topic Automated login when embedding with OAuth2 in Integration, Extension & APIs

Automated login when embedding with OAuth2

Re: Automated login when embedding with OAuth2