We are building a POC custom connector using QVX SDK that will be used inside Qlik Sense HUB.
This connector is expected to implement OAuth flow and execute data product APIs.
In this POC,
- User will be using Qlik Sense HUB to create connection using custom connector
- Custom connector will help user to authenticate and store the tokens in an in-memory ticket store
- When a user executes the custom connector to retrieve data from APIs, the custom connector should detect who the user is and retrieve the tokens from in-memory cache and execute the API call.
We have the questions below while implementing the flow:
1. Are there any means to acquire the executing user’s context such as id, username, etc. in the .exe (QVX Custom connector) without associating the user details in connection string?
2. Qlik admins can see all the connections created by users and are able to execute the APIs on behalf of them. This breaches our security model. Are there any settings/configurations that prevent Qlik Admins from using other users’ connections?
Did you ever get an answer for this question? I would also like to develop a custom connector that needs to be aware of the Qlik user who is trying to fetch the data.
Just to leave this information here in case anybody else stumbles upon the same issue.
This is my understanding: all messages passed from Qlik Sense to the connector through the pipe (not through .exe parameters) are in XML format. I can confirm Qlik Sense May 2023 sends the username, the app ID and the session ID as part of these messages. However, the SDK does not pass these values to the methods you can overwrite, so, when the XML message is transformed into a QvxRequest object, this information is lost, even before the request itself can be handled.
This is an example of one of the messages Qlik Sense sends to the connector through the pipe:
    <QvxRequest>
      <Command>QVX_GENERIC_COMMAND</Command>
      <Parameters>
        <String>JsonRequest</String>
        <String>getInfo</String>
        <String/>
        <String/>
        <String/>
      </Parameters>
      <AppId>abcde123-ab12-cd34-ef56-abcdef123456</AppId>
      <UserId>UserDirectory=FOO; UserId=bar</UserId>
      <SessionId>3</SessionId>
      <FeatureConfiguration/>
    </QvxRequest>
Unfortunately, accessing the user ID and the app ID from the HandleJsonRequest and the ExtractQuery methods would require Qlik to modify the SDK, which has not been touched since 2015 or so.
It would be very useful for custom connectors where permissions for accessing data are handled outside of Qlik.
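As an added illustration (not code from the posts above or from the QVX SDK), this C# example parses a raw pipe message of the shape shown in the last reply and derives a per-user key that an in-memory token store could be indexed by. It assumes the connector can read the raw XML before the SDK turns it into a QvxRequest, which the SDK does not offer according to that reply; `QlikCaller`, `QvxCallerParser` and `CacheKey` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Linq;
// Hypothetical types for illustration; none of this is part of the QVX SDK.
public sealed class QlikCaller
{
    public string UserDirectory, UserId, AppId, SessionId;
    // Key for a per-user token store. Case-insensitive matching is an assumption.
    public string CacheKey { get { return (UserDirectory + "\\" + UserId).ToUpperInvariant(); } }
}
public static class QvxCallerParser
{
    public static QlikCaller Parse(string rawXml)
    {
        // Pipe messages need no DTD: prohibit it and disable external entity resolution.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XElement root;
        using (var reader = XmlReader.Create(new StringReader(rawXml), settings))
            root = XDocument.Load(reader).Root;
        if (root == null || root.Name.LocalName != "QvxRequest")
            throw new InvalidDataException("Not a QvxRequest message.");
        var caller = new QlikCaller { AppId = (string)root.Element("AppId"), SessionId = (string)root.Element("SessionId") };
        // <UserId> holds "UserDirectory=FOO; UserId=bar": split it into key=value pairs.
        foreach (var part in ((string)root.Element("UserId") ?? "").Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = part.Split(new[] { '=' }, 2);
            if (kv.Length != 2) continue;
            if (kv[0].Trim().Equals("UserDirectory", StringComparison.OrdinalIgnoreCase)) caller.UserDirectory = kv[1].Trim();
            else if (kv[0].Trim().Equals("UserId", StringComparison.OrdinalIgnoreCase)) caller.UserId = kv[1].Trim();
        }
        // Fail closed: without a complete identity there is no key to look tokens up under.
        if (string.IsNullOrEmpty(caller.UserDirectory) || string.IsNullOrEmpty(caller.UserId))
            throw new UnauthorizedAccessException("QvxRequest has no usable UserId element.");
        return caller;
    }
}
public static class Demo
{
    public static void Main()
    {
        // Message from the reply above, trimmed to the identity fields.
        const string sample = "<QvxRequest><Command>QVX_GENERIC_COMMAND</Command><AppId>abcde123-ab12-cd34-ef56-abcdef123456</AppId><UserId>UserDirectory=FOO; UserId=bar</UserId><SessionId>3</SessionId></QvxRequest>";
        var caller = QvxCallerParser.Parse(sample);
        Console.WriteLine(caller.CacheKey + " app=" + caller.AppId + " session=" + caller.SessionId);
    }
}
```

Keying stored tokens by `CacheKey` rather than by the connection means a different caller opening the same connection resolves to a different key and finds no tokens.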