https://community.qlik.com/t5/Integration-Extension-APIs/What-setup-differences-are-there-between-an-oauth2-embedding-and/m-p/2452072#M20557 <P>Hi,</P> <P><A href="https://qlik.dev/embed/qlik-embed/authenticate/connect-qlik-embed/#using-oauth-clients" target="_self">This</A> example describes the oauth2 setup for embedding. My understanding is that one also need to set up and configure an <A href="https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-create-idp-configuration.htm" target="_self">identity provider</A>&nbsp;to get it to work.</P> <P><A href="https://qlik.dev/examples/authenticate-examples/oauth-m2m-impersonation/" target="_self">This</A> example describes impersonation setup for embedding. Using a modified version that fits my needs, I get an "Authorize" button as expected in the oauth2 case since it doesn't seem to use or look at the "getAccessToken" function to get the available access token. Instead it sends cookies to try to verify that the user is logged in.<BR />Have I made any setup misstakes?<BR />Do I need to set up an Identity provider in the impersonation case as well?<BR /><BR />In the impersonation example the token is supposed to come from the getAccessToken function. Is there a way to determine that that one is set up correctly? At the moment it doesn't seem to be triggered for me.<BR />Is there a fallback on the impersonation so that it will try to use the normal oauth approach?</P> <P>Kind regards<BR />Johan</P> Wed, 15 May 2024 11:35:06 GMT _Johan 2024-05-15T11:35:06Z https://community.qlik.com/t5/Integration-Extension-APIs/What-setup-differences-are-there-between-an-oauth2-embedding-and/m-p/2452072#M20557 <P>Hi,</P> <P><A href="https://qlik.dev/embed/qlik-embed/authenticate/connect-qlik-embed/#using-oauth-clients" target="_self">This</A> example describes the oauth2 setup for embedding. My understanding is that one also need to set up and configure an <A href="https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-create-idp-configuration.htm" target="_self">identity provider</A>&nbsp;to get it to work.</P> <P><A href="https://qlik.dev/examples/authenticate-examples/oauth-m2m-impersonation/" target="_self">This</A> example describes impersonation setup for embedding. Using a modified version that fits my needs, I get an "Authorize" button as expected in the oauth2 case since it doesn't seem to use or look at the "getAccessToken" function to get the available access token. Instead it sends cookies to try to verify that the user is logged in.<BR />Have I made any setup misstakes?<BR />Do I need to set up an Identity provider in the impersonation case as well?<BR /><BR />In the impersonation example the token is supposed to come from the getAccessToken function. Is there a way to determine that that one is set up correctly? At the moment it doesn't seem to be triggered for me.<BR />Is there a fallback on the impersonation so that it will try to use the normal oauth approach?</P> <P>Kind regards<BR />Johan</P> Wed, 15 May 2024 11:35:06 GMT https://community.qlik.com/t5/Integration-Extension-APIs/What-setup-differences-are-there-between-an-oauth2-embedding-and/m-p/2452072#M20557 _Johan 2024-05-15T11:35:06Z https://community.qlik.com/t5/Integration-Extension-APIs/What-setup-differences-are-there-between-an-oauth2-embedding-and/m-p/2454759#M20621 <P>Hey&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/257568">@_Johan</a>&nbsp;</P> <P>With OAuth SPA, yes, you need an interactive identity provider in your tenant. Your web app will redirect to the tenant, which redirects to the auth, which directs back to the tenant. The user then provides consent (or not if client is trusted) and can access analytics in your app.</P> <P>The M2M impersonation approach doesn't need cookies (although they will be set with some embedding techniques). That getAccessToken function retrieves an impersonation token, and qlik-embed handles the interaction with Qlik Cloud. There is no fall back to OAuth SPA.</P> <P>Take a look at the flows here and see if it helps describe the patterns:&nbsp;<A href="https://qlik.dev/authenticate/oauth/#how-does-oauth2-work-on-qlik-cloud" target="_blank">https://qlik.dev/authenticate/oauth/#how-does-oauth2-work-on-qlik-cloud</A>&nbsp;</P> Tue, 21 May 2024 14:29:21 GMT https://community.qlik.com/t5/Integration-Extension-APIs/What-setup-differences-are-there-between-an-oauth2-embedding-and/m-p/2454759#M20621 Dave_Channon 2024-05-21T14:29:21Z