Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
juanpcardenas
Contributor
Contributor
‎2023-01-06 05:43 PM

Integration JWT error with Qlik Saas

Hi Everyone, I am trying to integrate my external users with the JWT in Qlik SaaS. we are getting the error below

Access to XMLhttpRequest at https://tenant/login/jwt-session?qlik-web-integration-id=xxxx from origin Our https website has been blocked by CORS policy: Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.

 

Post https://tenant/login/jwt-session?qlik-web-integration-id=xxxx net: ERR_FAILED

 

Anybody had had the same error before. Any suggestionxs.

 

Thanks

 

Juan Cardenas Pamplona
Labels (1)
Labels

  • SaaS

1,442 Views
0 Likes
1 Solution

Accepted Solutions
Aiham_Azmeh
Employee
Employee
‎2023-01-11 01:45 AM

Reading their docs, it seems like it should be possible through the transformRequest prop (overriding the default headers) docs

The alternative would be to use the browser fetch API instead.

I hope this helps

View solution in original post

1 user say ditto
1,380 Views
0 Likes
5 Replies
Aiham_Azmeh
Employee
Employee
‎2023-01-09 04:26 AM

Hi @juanpcardenas ,

Just remove it, this endpoint doesn't seem to need the csrf-token. ex:

await fetch(
      https://your-tenant/login/jwt-session`,
      {
        method: 'POST',
        credentials: 'include',
        mode: 'cors',
        headers: {
          'content-type': 'application/json',
          Authorization: `Bearer ${signedToken}`,
          'qlik-web-integration-id': <your-web-int-id>,
        },
      },
    )

 

I recommend you use our official platform TS SDK, it has function helpers for the JWTAuth flow

https://www.npmjs.com/package/@qlik/sdk#jwt-auth

https://qlik.dev/libraries-and-tools/platform-sdk

https://paka.dev/npm/@qlik/sdk@0.16.0/api

 

1,406 Views
0 Likes
juanpcardenas
Contributor
Contributor
‎2023-01-10 10:01 AM
Author

In response to Aiham_Azmeh

Hi Aiham, Thanks for you answer.

Looks like for security purposes is not possible to remove it, Check this link below

https://stackoverflow.com/questions/52506243/angularjs-remove-x-csrf-token-in-http-get

We are using Angular JS for this JWT token. 

Any other idea how to handle it? Web developers are assuming Qlik Cloud is denying it.

Juan Cardenas Pamplona
1,380 Views
0 Likes
juanpcardenas
Contributor
Contributor
‎2023-01-10 10:03 AM
Author

In response to juanpcardenas

Aiham, Do you have any suggestion to remove it from Angular JS

Juan Cardenas Pamplona
1,377 Views
0 Likes
Aiham_Azmeh
Employee
Employee
‎2023-01-11 01:45 AM

Reading their docs, it seems like it should be possible through the transformRequest prop (overriding the default headers) docs

The alternative would be to use the browser fetch API instead.

I hope this helps

1 user say ditto
1,381 Views
0 Likes
juanpcardenas
Contributor
Contributor
‎2023-01-13 03:52 PM
Author

Thanks the Angular team checked the documentation and looks like now we are not getting that error.

Juan Cardenas Pamplona
1,312 Views
0 Likes