Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik GA: Multivariate Time Series in Qlik Predict: Get Details
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
yosuke-coupa
Partner - Contributor III
Partner - Contributor III
‎2024-02-16 02:35 PM

February 2024 release: Change in OAuth CRUD authorization?

We have a unique OEM use-case where we need to create, configure, and delete OAuth M2M clients programmatically.  We are using undocumented API endpoints for this use-case (see below).  Everything was working until yesterday.  It seems like the February release of Qlik Cloud went out yesterday.  We noticed the following API behavior change is causing our OEM workflow to no longer work.  We are looking for advise on how to resolve the issue.

We have a trusted M2M OAuth client with a Tenant Admin role, with the scopes, user_default , admin_classic, and offline_access.  It was able to create an M2M OAuth client programmatically by making the following request.

curl -X POST --location 'https://some-tenant.us.qlikcloud.com/api/v1/oauth-clients' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'qlik-web-integration-id: <webIntegrationId>' \
--header 'Origin: https://some.origin.com' \
--header 'Authorization: Bearer <token>' \
--data '{
  "app_type": "web",
  "client_name": "some client",
  "description": "a temporary client",
  "allowedGrantTypes": [
    "client_credentials"
  ],
  "allowedScopes":[
    "user_default",
    "admin_classic",
    "offline_access"
  ]
}'

 

However, this endpoint now returns a 403.  Allowing all scopes and roles to the M2M OAuth client that is making the request still returns a 403.  Deleting and recreating the M2M OAuth client making the request also is causing the same issue.

What could we potentially do to allow an M2M OAuth client to create and configure other M2M OAuth clients?

Labels (2)
Labels
477 Views
0 Likes
1 Solution

Accepted Solutions
DaveChannon
Employee
Employee
‎2024-02-19 04:49 AM

Hi @yosuke-coupa 

We don't support usage of unpublished (i.e. not published on https://qlik.dev) APIs, however we do have work ongoing to prepare this API for publishing, which potentially is what's caused the changes you've seen.

Once an API is published, it is governed and we are required to publish notice of breaking changes on the changelog at qlik.dev.

I'll reach out about this specific API over email.

View solution in original post

427 Views
1 Reply
DaveChannon
Employee
Employee
‎2024-02-19 04:49 AM

Hi @yosuke-coupa 

We don't support usage of unpublished (i.e. not published on https://qlik.dev) APIs, however we do have work ongoing to prepare this API for publishing, which potentially is what's caused the changes you've seen.

Once an API is published, it is governed and we are required to publish notice of breaking changes on the changelog at qlik.dev.

I'll reach out about this specific API over email.

428 Views