topic Delay in Qlik Embed(@qlik/embed-react) After JWT Cookie Auth — “No Permission to Open App” for 2 Minutes in Integration, Extension & APIs https://community.qlik.com/t5/Integration-Extension-APIs/Delay-in-Qlik-Embed-qlik-embed-react-After-JWT-Cookie-Auth-No/m-p/2521062#M22287 <P>&nbsp;</P> <P data-start="213" data-end="231">Hi Qlik Community,</P> <P data-start="233" data-end="533">We're integrating <STRONG data-start="251" data-end="265">Qlik Embed</STRONG> (<CODE data-start="267" data-end="286"><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/229862">@qlik</a>/embed-react</CODE>) into a <STRONG data-start="295" data-end="339">Next.js application (React + TypeScript)</STRONG> using <STRONG data-start="346" data-end="389">cookie-based JWT session authentication</STRONG>. Everything works, but we’re consistently experiencing a <STRONG data-start="447" data-end="465">2-minute delay</STRONG> after session initialization before Qlik objects become accessible.</P> <HR data-start="535" data-end="538" /> <H3 data-start="540" data-end="553">Setup:</H3> <UL data-start="554" data-end="1272"> <LI data-start="554" data-end="974"> <P data-start="556" data-end="578"><STRONG data-start="556" data-end="578">Backend auth flow:</STRONG></P> <OL data-start="581" data-end="974"> <LI data-start="581" data-end="649"> <P data-start="584" data-end="649">User logs into our app via <STRONG data-start="611" data-end="630">Keycloak (OIDC)</STRONG> using <CODE data-start="637" data-end="648">next-auth</CODE>.</P> </LI> <LI data-start="652" data-end="714"> <P data-start="655" data-end="714">Backend sends Keycloak token to our API.</P> </LI> <LI data-start="717" data-end="897"> <P data-start="720" data-end="784">We call <CODE data-start="728" data-end="778">https://&lt;tenant&gt;.qlikcloud.com/login/jwt-session</CODE> with:</P> <UL data-start="790" data-end="897"> <LI data-start="790" data-end="832"> <P data-start="792" data-end="832"><CODE data-start="792" data-end="832">Authorization: Bearer &lt;our custom JWT&gt;</CODE></P> </LI> <LI data-start="838" data-end="865"> <P data-start="840" data-end="865"><CODE data-start="840" data-end="865">qlik-web-integration-id</CODE></P> </LI> <LI data-start="871" data-end="897"> <P data-start="873" data-end="897"><CODE data-start="873" data-end="897">credentials: "include"</CODE></P> </LI> </UL> </LI> <LI data-start="900" data-end="974"> <P data-start="903" data-end="974">Then call <CODE data-start="913" data-end="961">https://&lt;tenant&gt;.qlikcloud.com/api/v1/users/me</CODE> to validate.</P> </LI> </OL> </LI> <LI data-start="976" data-end="1272"> <P data-start="978" data-end="997"><STRONG data-start="978" data-end="997">Frontend setup:</STRONG></P> <DIV class="contain-inline-size rounded-2xl border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary"> <DIV class="sticky top-9">&nbsp;</DIV> <PRE class="overflow-y-auto p-4" dir="ltr"><CODE class="whitespace-pre! language-ts"><SPAN><SPAN class="hljs-keyword">const</SPAN> hostConfig = { <SPAN class="hljs-attr">host</SPAN>: <SPAN class="hljs-string">"https://&lt;tenant&gt;.qlikcloud.com"</SPAN>, <SPAN class="hljs-attr">authType</SPAN>: <SPAN class="hljs-string">"cookie"</SPAN>, <SPAN class="hljs-attr">webIntegrationId</SPAN>: <SPAN class="hljs-string">"WEBID"</SPAN>, }; <SPAN class="hljs-keyword">return</SPAN> ( <SPAN class="language-xml"><SPAN class="hljs-tag">&lt;<SPAN class="hljs-name">QlikEmbedConfig.Provider</SPAN></SPAN></SPAN> <SPAN class="hljs-attr">value</SPAN>=<SPAN class="hljs-string">{hostConfig}</SPAN>&gt;<BR /> // <STRONG>Custom build Qlik Layout using the QlikEmbed Components from @qlik/embed-react</STRONG> <SPAN class="hljs-tag">&lt;<SPAN class="hljs-name">QlikLayout</SPAN></SPAN> <SPAN class="hljs-attr">appId</SPAN>=<SPAN class="hljs-string">"APPID"</SPAN> /&gt; <SPAN class="hljs-tag">&lt;/<SPAN class="hljs-name">QlikEmbedConfig.Provider</SPAN></SPAN>&gt; ); </SPAN></CODE></PRE> </DIV> </LI> </UL> <HR data-start="1274" data-end="1277" /> <H3 data-start="1279" data-end="1295">The issue:</H3> <P data-start="1296" data-end="1360">Immediately after cookie is set, the embed component fails with:</P> <P><LI-WRAPPER></LI-WRAPPER></P> <PRE class="overflow-visible!" data-start="1362" data-end="1510"><CODE class="whitespace-pre!"><SPAN><FONT color="#FF0000">Fatal error for embedded ui analytics/selections:</FONT> <FONT color="#FF0000">Failed to open app APPID <SPAN class="hljs-literal">on</SPAN> https://&lt;tenant&gt;.qlikcloud.com: No permission to open the app</FONT></SPAN></CODE></PRE> <UL data-start="1512" data-end="1637"> <LI data-start="1512" data-end="1548"> <P data-start="1514" data-end="1548">&nbsp;<STRONG>No 400 errors</STRONG> in Qlik API calls.</P> </LI> <LI data-start="1549" data-end="1637"> <P data-start="1551" data-end="1637"><span class="lia-unicode-emoji" title=":stopwatch:">⏱</span> After exactly <STRONG data-start="1567" data-end="1580">2 minutes</STRONG>, everything starts working normally and Qlik loads fine.</P> </LI> </UL> <HR data-start="1628" data-end="1631" /> <H3 data-start="1633" data-end="1659">&nbsp;What We've Verified:</H3> <UL data-start="1660" data-end="1911"> <LI data-start="1660" data-end="1721"> <P data-start="1662" data-end="1721">&nbsp;The JWT’s <CODE data-start="1674" data-end="1679">nbf</CODE> is set <STRONG data-start="1687" data-end="1709">30 seconds earlier</STRONG> than <CODE data-start="1715" data-end="1720">iat</CODE>.</P> </LI> <LI data-start="1773" data-end="1835"> <P data-start="1775" data-end="1835">Cookies are set correctly (<CODE data-start="1804" data-end="1827">SameSite=None; Secure</CODE>, etc.).</P> </LI> <LI data-start="1836" data-end="1911"> <P data-start="1838" data-end="1911">The <CODE data-start="1844" data-end="1855">/users/me</CODE> call confirms the user immediately after <CODE data-start="1897" data-end="1910">jwt-session</CODE>.</P> </LI> </UL> <H3 data-start="1644" data-end="1661">Questions:</H3> <UL data-start="1662" data-end="1914"> <LI data-start="1662" data-end="1745"> <P data-start="1664" data-end="1745">Is this delay a known side-effect of cookie-based JWT login in Qlik Cloud?</P> </LI> <LI data-start="1746" data-end="1839"> <P data-start="1748" data-end="1839">Is there a background delay in Qlik session activation after <CODE data-start="2080" data-end="2094">/jwt-session</CODE>?</P> </LI> <LI data-start="1840" data-end="1914"> <P data-start="1842" data-end="1914">Are we missing a final handshake to make the session active immediately?</P> </LI> </UL> <P data-start="1916" data-end="2007">We want users to load Qlik content instantly after login, without waiting or seeing errors.</P> <P data-start="2009" data-end="2080">Thanks in advance for any insight!</P> Thu, 12 Jun 2025 18:26:14 GMT VladGordeyko 2025-06-12T18:26:14Z Delay in Qlik Embed(@qlik/embed-react) After JWT Cookie Auth — “No Permission to Open App” for 2 Minutes https://community.qlik.com/t5/Integration-Extension-APIs/Delay-in-Qlik-Embed-qlik-embed-react-After-JWT-Cookie-Auth-No/m-p/2521062#M22287 <P>&nbsp;</P> <P data-start="213" data-end="231">Hi Qlik Community,</P> <P data-start="233" data-end="533">We're integrating <STRONG data-start="251" data-end="265">Qlik Embed</STRONG> (<CODE data-start="267" data-end="286"><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/229862">@qlik</a>/embed-react</CODE>) into a <STRONG data-start="295" data-end="339">Next.js application (React + TypeScript)</STRONG> using <STRONG data-start="346" data-end="389">cookie-based JWT session authentication</STRONG>. Everything works, but we’re consistently experiencing a <STRONG data-start="447" data-end="465">2-minute delay</STRONG> after session initialization before Qlik objects become accessible.</P> <HR data-start="535" data-end="538" /> <H3 data-start="540" data-end="553">Setup:</H3> <UL data-start="554" data-end="1272"> <LI data-start="554" data-end="974"> <P data-start="556" data-end="578"><STRONG data-start="556" data-end="578">Backend auth flow:</STRONG></P> <OL data-start="581" data-end="974"> <LI data-start="581" data-end="649"> <P data-start="584" data-end="649">User logs into our app via <STRONG data-start="611" data-end="630">Keycloak (OIDC)</STRONG> using <CODE data-start="637" data-end="648">next-auth</CODE>.</P> </LI> <LI data-start="652" data-end="714"> <P data-start="655" data-end="714">Backend sends Keycloak token to our API.</P> </LI> <LI data-start="717" data-end="897"> <P data-start="720" data-end="784">We call <CODE data-start="728" data-end="778">https://&lt;tenant&gt;.qlikcloud.com/login/jwt-session</CODE> with:</P> <UL data-start="790" data-end="897"> <LI data-start="790" data-end="832"> <P data-start="792" data-end="832"><CODE data-start="792" data-end="832">Authorization: Bearer &lt;our custom JWT&gt;</CODE></P> </LI> <LI data-start="838" data-end="865"> <P data-start="840" data-end="865"><CODE data-start="840" data-end="865">qlik-web-integration-id</CODE></P> </LI> <LI data-start="871" data-end="897"> <P data-start="873" data-end="897"><CODE data-start="873" data-end="897">credentials: "include"</CODE></P> </LI> </UL> </LI> <LI data-start="900" data-end="974"> <P data-start="903" data-end="974">Then call <CODE data-start="913" data-end="961">https://&lt;tenant&gt;.qlikcloud.com/api/v1/users/me</CODE> to validate.</P> </LI> </OL> </LI> <LI data-start="976" data-end="1272"> <P data-start="978" data-end="997"><STRONG data-start="978" data-end="997">Frontend setup:</STRONG></P> <DIV class="contain-inline-size rounded-2xl border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary"> <DIV class="sticky top-9">&nbsp;</DIV> <PRE class="overflow-y-auto p-4" dir="ltr"><CODE class="whitespace-pre! language-ts"><SPAN><SPAN class="hljs-keyword">const</SPAN> hostConfig = { <SPAN class="hljs-attr">host</SPAN>: <SPAN class="hljs-string">"https://&lt;tenant&gt;.qlikcloud.com"</SPAN>, <SPAN class="hljs-attr">authType</SPAN>: <SPAN class="hljs-string">"cookie"</SPAN>, <SPAN class="hljs-attr">webIntegrationId</SPAN>: <SPAN class="hljs-string">"WEBID"</SPAN>, }; <SPAN class="hljs-keyword">return</SPAN> ( <SPAN class="language-xml"><SPAN class="hljs-tag">&lt;<SPAN class="hljs-name">QlikEmbedConfig.Provider</SPAN></SPAN></SPAN> <SPAN class="hljs-attr">value</SPAN>=<SPAN class="hljs-string">{hostConfig}</SPAN>&gt;<BR /> // <STRONG>Custom build Qlik Layout using the QlikEmbed Components from @qlik/embed-react</STRONG> <SPAN class="hljs-tag">&lt;<SPAN class="hljs-name">QlikLayout</SPAN></SPAN> <SPAN class="hljs-attr">appId</SPAN>=<SPAN class="hljs-string">"APPID"</SPAN> /&gt; <SPAN class="hljs-tag">&lt;/<SPAN class="hljs-name">QlikEmbedConfig.Provider</SPAN></SPAN>&gt; ); </SPAN></CODE></PRE> </DIV> </LI> </UL> <HR data-start="1274" data-end="1277" /> <H3 data-start="1279" data-end="1295">The issue:</H3> <P data-start="1296" data-end="1360">Immediately after cookie is set, the embed component fails with:</P> <P><LI-WRAPPER></LI-WRAPPER></P> <PRE class="overflow-visible!" data-start="1362" data-end="1510"><CODE class="whitespace-pre!"><SPAN><FONT color="#FF0000">Fatal error for embedded ui analytics/selections:</FONT> <FONT color="#FF0000">Failed to open app APPID <SPAN class="hljs-literal">on</SPAN> https://&lt;tenant&gt;.qlikcloud.com: No permission to open the app</FONT></SPAN></CODE></PRE> <UL data-start="1512" data-end="1637"> <LI data-start="1512" data-end="1548"> <P data-start="1514" data-end="1548">&nbsp;<STRONG>No 400 errors</STRONG> in Qlik API calls.</P> </LI> <LI data-start="1549" data-end="1637"> <P data-start="1551" data-end="1637"><span class="lia-unicode-emoji" title=":stopwatch:">⏱</span> After exactly <STRONG data-start="1567" data-end="1580">2 minutes</STRONG>, everything starts working normally and Qlik loads fine.</P> </LI> </UL> <HR data-start="1628" data-end="1631" /> <H3 data-start="1633" data-end="1659">&nbsp;What We've Verified:</H3> <UL data-start="1660" data-end="1911"> <LI data-start="1660" data-end="1721"> <P data-start="1662" data-end="1721">&nbsp;The JWT’s <CODE data-start="1674" data-end="1679">nbf</CODE> is set <STRONG data-start="1687" data-end="1709">30 seconds earlier</STRONG> than <CODE data-start="1715" data-end="1720">iat</CODE>.</P> </LI> <LI data-start="1773" data-end="1835"> <P data-start="1775" data-end="1835">Cookies are set correctly (<CODE data-start="1804" data-end="1827">SameSite=None; Secure</CODE>, etc.).</P> </LI> <LI data-start="1836" data-end="1911"> <P data-start="1838" data-end="1911">The <CODE data-start="1844" data-end="1855">/users/me</CODE> call confirms the user immediately after <CODE data-start="1897" data-end="1910">jwt-session</CODE>.</P> </LI> </UL> <H3 data-start="1644" data-end="1661">Questions:</H3> <UL data-start="1662" data-end="1914"> <LI data-start="1662" data-end="1745"> <P data-start="1664" data-end="1745">Is this delay a known side-effect of cookie-based JWT login in Qlik Cloud?</P> </LI> <LI data-start="1746" data-end="1839"> <P data-start="1748" data-end="1839">Is there a background delay in Qlik session activation after <CODE data-start="2080" data-end="2094">/jwt-session</CODE>?</P> </LI> <LI data-start="1840" data-end="1914"> <P data-start="1842" data-end="1914">Are we missing a final handshake to make the session active immediately?</P> </LI> </UL> <P data-start="1916" data-end="2007">We want users to load Qlik content instantly after login, without waiting or seeing errors.</P> <P data-start="2009" data-end="2080">Thanks in advance for any insight!</P> Thu, 12 Jun 2025 18:26:14 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Delay-in-Qlik-Embed-qlik-embed-react-After-JWT-Cookie-Auth-No/m-p/2521062#M22287 VladGordeyko 2025-06-12T18:26:14Z Re: Delay in Qlik Embed(@qlik/embed-react) After JWT Cookie Auth — “No Permission to Open App” for 2 Minutes https://community.qlik.com/t5/Integration-Extension-APIs/Delay-in-Qlik-Embed-qlik-embed-react-After-JWT-Cookie-Auth-No/m-p/2521453#M22305 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/340592">@VladGordeyko</a>,&nbsp;it doesn't feel like something our side, but I don't have a react app to try it with. I would expect zero delay prior to having access, unless the user had previously requested the app before they were added to the relevant space or app share. Are you apply the app access on login or does the user already have access to the space/ app share before they log in?</P> Tue, 17 Jun 2025 11:11:02 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Delay-in-Qlik-Embed-qlik-embed-react-After-JWT-Cookie-Auth-No/m-p/2521453#M22305 Dave_Channon 2025-06-17T11:11:02Z Re: Delay in Qlik Embed(@qlik/embed-react) After JWT Cookie Auth — “No Permission to Open App” for 2 Minutes https://community.qlik.com/t5/Integration-Extension-APIs/Delay-in-Qlik-Embed-qlik-embed-react-After-JWT-Cookie-Auth-No/m-p/2522102#M22322 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/1870">@Dave_Channon</a>&nbsp;thanks for your answer. The user should have the access to the space before call. Not sure what happened there, but we resolved the delay issue using the oauth2 with&nbsp;<SPAN>getAccessToken function calling Backend to Backend to&nbsp;</SPAN><SPAN><STRONG>/oauth/token</STRONG>.</SPAN></P> <P><SPAN>Thanks again.</SPAN></P> Tue, 24 Jun 2025 11:12:31 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Delay-in-Qlik-Embed-qlik-embed-react-After-JWT-Cookie-Auth-No/m-p/2522102#M22322 VladGordeyko 2025-06-24T11:12:31Z