Update and Changes coming soon to JSON Web Token (JWT) Authorization
With our June 7, 2022 release, Qlik Cloud will introduce tighter controls for JWT Authorizations logins. These new controls will enhance the security for tenant logins using JWTs employing two new attributes and one new limitation:
- The JTI which is a unique identifier that prevents JWT reuse.
- The NotBefore (nbf) attribute which sets the amount of time required to pass before the JWT is valid for use
- The JWT token validity cannot exceed 3600 seconds
This change will occur from June 7, 2022, onward with all JWT configurations requiring these security attributes in the signed token in order to successfully login to the tenant.
For all customers with current JWT configurations, there will be a grace period through July 19, 2022, to allow for the updating of JWT token creation code to include these two new attributes. Please note that after July 19th, customers using JWT login methods without these additional attributes will be denied access.
Where do I go for implementation help?
A step by step instruction guide is available here on https://qlik.dev/ for use by team members who implemented the JWT code originally for authorization logins.
Please check our Support Blog week of May 30th for additional information.
What happens if I miss the July 19th date for updating?
Customers will need to submit a ticket to Qlik Support to have access to JWT login restored.
Other questions?
Chat with us on Qlik Community or please submit a Support ticket as needed.
Qlik Global Product Management/Product Marketing
.png "Former Employee"){kind=icon}
