topic Re: Mashup/Capability API without a redirect for authentication? in Integration, Extension & APIs

Mashup/Capability API without a redirect for authentication?

Wed, 30 Sep 2015 13:10:04 GMT

All of the examples of the mashup/capability API in node.js that I've seen use the qlik-auth module. The drawback of the qlik-auth module is that it relies on redirection through the proxy to obtain a ticket.

What I would like to do is obtain a ticket via ajax, and defer loading the qlik client until the ticket is returned.

There doesn't, however, seem to be an API in the client to pass in the ticket and/or session and the qlik client assumes that a valid cookie is set when loaded, otherwise it redirects to the authentication URL in the virtual proxy.

How can the qlik js client be loaded without needing to be redirected to the authentication url by using the QPS session API to first obtain a ticket?

Re: Mashup/Capability API without a redirect for authentication?

Alexander_Thor — Wed, 30 Sep 2015 16:08:42 GMT

Hey Chris,

The http://sense-demo.qlik.com site does exactly that. We fetch a ticket in the background, then we consume said ticket by just issuing a GET against a resource behind the proxy with the ticket attached to it. Once the ticket has been consumed and the session cookie is present in the client you can just inject the qlik.js script into the head or manually bootstrap our API onto the page.

Process

1. Browser requests ticket from server component.

2. Server component issues ticket to user/browser

3. Browser consumes ticket by requesting https://<your QS server>/resources/img/dark_noise_16x16.png?qlikTicket=<yourticket>

4. QS Server returns the image and a Set Cookie header.

5. Discard the image and just load the qlik.js API

Re: Mashup/Capability API without a redirect for authentication?

Wed, 30 Sep 2015 17:52:02 GMT

Thanks Alexander!

Once the ticket has been consumed and the session cookie is present in the client you can just inject the qlik.js script into the head or manually bootstrap our API onto the page.

I have a follow-up question regarding this. The node.js mashup example uses a third approach, which is to load the master require.js (full html here😞

What's the difference between loading this require.js file (which is different stock require.js) and directly loading the qlik.js file? Also, can you give an example of manually bootstrapping the API? I'm not quite sure what you mean by that.

Re: Mashup/Capability API without a redirect for authentication?

Wed, 02 Mar 2016 17:38:11 GMT

Alexander, could you clarify how exactly "1. Browser requests ticket from server component." is achieved?

Re: Mashup/Capability API without a redirect for authentication?

Anonymous — Thu, 03 Mar 2016 09:34:36 GMT

This sounds like exactly what I need to do as I need to authenticate (get session for a user) via client side ajax...care to elaborate?

Re: Mashup/Capability API without a redirect for authentication?

Thu, 03 Mar 2016 13:32:17 GMT

Hi Robert,

You can read more about the authentication API here:

Authentication API ‒ Qlik Sense

The service that is used to actually obtain a ticket is here:

Add ticket ‒ Qlik Sense

If you were using normal authentication, then you wouldn't have to worry about getting a ticket since the app would do it on your behalf, but if you are using a proxy with an authentication module (as would be the case in most node.js examples), then the service you deploy (i.e. the node.js app) calls the ticket method in the QPS after using whatever authentication the application defines.

Hope that helps.

~Chris

Re: Mashup/Capability API without a redirect for authentication?

Thu, 03 Mar 2016 18:09:09 GMT

IMHO, the best place to start would be to work through one of the examples of a mashup application in node.js or the .net SDK.

That should give you a pretty good understanding of the architecture behind mashups.

If you've already gotten that far, then you'd have to give us more details on what else you'd like to know about the approach that Alexander laid out.

~Chris

Re: Mashup/Capability API without a redirect for authentication?

Alexander_Thor — Thu, 03 Mar 2016 18:09:43 GMT

When you are loading the requirejs file from behind the proxy a authentication check is performed.
So if you are not authenticated when the page tries to load requirejs it will trigger the authentication re-direct.

Re: Mashup/Capability API without a redirect for authentication?

Alexander_Thor — Thu, 03 Mar 2016 18:10:55 GMT

You build a server component that is trusted by Qlik Sense by certificates.

Your server component is responsible for authenticating the user, if that is successful you request a ticket for the user and pass it along.

Re: Mashup/Capability API without a redirect for authentication?

alexbjorlig — Tue, 24 Jan 2017 17:04:27 GMT

Just if it helps anyone - the dark_noise picture moved location

/resources/img/core/dark_noise_16x16.png

Re: Mashup/Capability API without a redirect for authentication?

eric_careta — Mon, 03 Apr 2017 12:14:48 GMT

Hi everyone!

I have a trouble related with this post issue:
I have server A and server B:
-Server A is the server where i've qlik sense server installed. (domain1)
-Server B is the server where I've have the code of QS mashup app. (domain2)

I want a Qlik ticket to authenticate app. To get this ticket I do a call to my API from the app of server B that return the string of the ticket. With this string I build an URL like this:

http://‌<my QS server>/myproxy/resources/img/dark_noise_16x16.png?qlikTicket=<myticketstring>

And put an iframe in my app to obtain the cookie to access to QlikSense.

The problem with this come when I want to import the libraryes that needs qlik to access to the app:
<script>http://<my QS server>/myproxy/resoyurces/assets/external/requirejs/require.js</script>

It seems the first access that app need to do is to import requirejs and in this moment I don't have access to the session cookie and windows autehnticate form pops up.

To fix that I tried to do a landing page that load the iframe and then redirect to my app with which needs requirejs.
The problem with that is landing page puts cookie into domain1 and I need to put it in the domain2 for my app can view it.

Is there any way to access to my app or to obtain the cookie before load requirejs or something similar?

Thanks!

Re: Mashup/Capability API without a redirect for authentication?

prabhu0505 — Wed, 04 Sep 2019 13:17:32 GMT

@eric_careta Hope you figured out solution for this, we got stuck in similar situation. Can you share the fix?

Thanks!

Re: Mashup/Capability API without a redirect for authentication?

PriyankaM08 — Sat, 28 Mar 2020 12:02:34 GMT

@prabhu0505 Did you find any solution?

Thanks in advance.