unstable JWT TOKEN authentication accessing Qlik SaaS embeds

Livia_Gu — Thu, 06 Jun 2024 06:01:23 GMT

I am trying to set JWT token authentication to anonymous access to Qlik embed content by following the tutorial
https://qlik.dev/embed/iframe/quickstart/embedding-with-anonymous-access-and-qlik-cloud/

I followed the flow, and done all the steps. However, the token generated seems very unstable. most of the time, I would get unauthorised error as follow:

But sometimes, I retry the same token, it will successfully log me in, other time, it still get the same error.
It is also mentioned in this post
https://community.qlik.com/t5/Integration-Extension-APIs/Seemingly-unstable-JWT-Authentication-for-Qlik-SaaS-Mashup/td-p/1954395

so I implemented retry mechanism, code as follow:

async function retryJwtLogin(token, maxRetries = 😎 { for (let attempt = 1; attempt <= maxRetries; attempt++) { try { const loginRes = await jwtLogin(token); if (loginRes) { return loginRes; // Return the successful response } else { console.error(`Attempt ${attempt} failed`); } } catch (error) { console.error( `Attempt ${attempt} failed with error: ${error.message}` ); return null; } if (attempt < maxRetries) { console.log(`Retrying... (${attempt}/${maxRetries})`); } else { const message = "Something went wrong while logging in after multiple attempts."; throw new Error(message); } } } async function jwtLogin(token) { try { const authHeader = `Bearer ${token}`; const reponse = await fetch( `https://${TENANT}/login/jwt-session?qlik-web-integration-id=${WEBINTEGRATIONID}`, { credentials: "include", mode: "cors", method: "POST", headers: { Authorization: authHeader, "qlik-web-integration-id": WEBINTEGRATIONID, }, } ); if (reponse.status === 200) { console.log(117, await reponse.json()); return reponse; } else { console.log(117, await reponse.json()); return null; } } catch (e) { console.error(e); return null; } }

The result is still the same, most of the time i get unauthrised error, but occasionally it successfully logs me in.

my token decode is as following:

{ sub: 'ANON//fc2018e5-e566-467d-9958-bc3a8a78c480', subType: 'user', name: 'anonymous', email: 'fc2018e5-e566-467d-9958-bc3a8a78c480@anon.com', email_verified: true, iss: 'my issuer.ap.qlikcloud.com', iat: 1717650839500, nbf: 1717650901500, exp: 1717654400500, jti: 'fc2018e5-e566-467d-9958-bc3a8a78c480', aud: 'qlik.api/login/jwt-session', groups: [ 'Anonymous' ] }

I also made sure that exp does not exceed 3600 seconds and jti is unique, also I tried the method mentioned in previous post, to make iat 1 min early before current time.

Still, I have no idea why the authentication would sometimes work and sometimes fail giving the same code and configration. Does anyone also encounter this or have a solution for it? Thanks!

Re: unstable JWT TOKEN authentication accessing Qlik SaaS embeds

thomaspessato_ — Mon, 10 Jun 2024 13:53:38 GMT

@Livia_Gu Hey there! question: is it possible for you to use OAuth? I'm using it here in our services company and it is working flawlessly on Qlik Cloud with OAuth m2m impersonation, etc.

topic Re: unstable JWT TOKEN authentication accessing Qlik SaaS embeds in Integration, Extension & APIs

unstable JWT TOKEN authentication accessing Qlik SaaS embeds

Re: unstable JWT TOKEN authentication accessing Qlik SaaS embeds