Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
kpa_winc
Contributor
Contributor
‎2021-02-02 11:45 PM

How to get accessing user information inside Custom Connector(built using QVX SDK) inside Qlik Sense HUB ?

We are building  a POC custom connector using QVX SDK that will be used inside Qlik Sense HUB. 

This connector is expected implement OAuth flow and execute data product APIs.  

In this POC,

- User will be using Qlik Sense HUB to create connection using custom connector

- Custom connector will help user to authenticate and store the tokens in-memory ticket store

- When an user executes the custom connector to retrieve data from APIs, the custom connector should detect who the user is and retrieve the tokens from in-memory cache and execute the API call.

We have below questions while implementing the flow,

1. Are there any means to acquire the executing user’s context such as id, username..etc in the .exe (QVX Custom connector) without associating the user details in connection string?

2. Qlik admins can see all the connections created by users and are able to execute the APIs on behalf of them. This breaches our security model. Are there any settings/configurations that prevents Qlik Admins using other users’ connections?

1 user say ditto
573 Views
0 Likes
2 Replies
cjgorrin
Contributor III
Contributor III
‎2023-11-13 07:15 AM

Did you ever get an answer for this question? I would also like to develop a custom connector that needs to be aware of the Qlik user who is trying to fetch the data.

276 Views
0 Likes
cjgorrin
Contributor III
Contributor III
‎2023-11-22 10:48 AM

Just to leave this information here in case anybody else stumbles upon the same issue.

This is my understanding: all messages passed from Qlik Sense to the connector through the pipe (not through .exe parameters) are in XML format. I can confirm Qlik Sense May 2023 sends the username, the app ID and the session ID as part of these messages. However, the SDK does not pass these values to the methods you can overwrite, so, when the XML message is transformed into a QvxRequest object, this information is lost, even before the request itself can be handled.

This is an example of one of the messages Qlik Sense sends to the connector through the pipe:

<QvxRequest>
	<Command>QVX_GENERIC_COMMAND</Command>
	<Parameters>
		<String>JsonRequest</String>
		<String>getInfo</String>
		<String/>
		<String/>
		<String/>
	</Parameters>
	<AppId>abcde123-ab12-cd34-ef56-abcdef123456</AppId>
	<UserId>UserDirectory=FOO; UserId=bar</UserId>
	<SessionId>3</SessionId>
	<FeatureConfiguration/>
</QvxRequest>

Unfortunately, accessing the user ID and the app ID from the HandleJsonRequest and the ExtractQuery methods would require Qlik to modify the SDK, which has not been touched since 2015 or so.

It would be very useful for custom connectors where permissions for accessing data are handled outside of Qlik.

235 Views
0 Likes