Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Learn how to migrate to Qlik Cloud Analytics™: On-Demand Briefing!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
HimabinduBunga
Contributor
Contributor
Monday

Issue With OAuth Embed: /api/v1/users/me Returns 301 → “Connection Lost” Error

Issue With OAuth Embed: /api/v1/users/me Returns 301 → “Connection Lost” Error

We are embedding a Qlik Sense dashboard using the <qlik-embed> web component and authenticating via OAuth.
The OAuth flow works correctly, and we are able to retrieve the access token from:

POST /oauth/token

However, when the embedded dashboard loads, we consistently receive the “Connection lost. Make sure that Qlik Sense is running properly” error in the UI.

Issue Observed

In the browser network logs, the request to:

GET /api/v1/users/me

returns 301 Moved Permanently, instead of 200.

Because of the redirect, the Qlik embed client fails to establish the session, and the dashboard does not load.

Details

  • OAuth is configured correctly.

  • The app ID and sheet ID are valid.

  • The dashboard is shared with the appropriate space.

  • The user exists in the space.

  • Allowed Origins are configured in OAuth Client.

  • Our domain is added to CSP → Trusted Origins.

  • The only failing call is /api/v1/users/me, returning 301.

  • No mixed HTTP/HTTPS calls.

  • Using the <qlik-embed ui="classic/app"> component.

Questions for Support

  1. What conditions cause /api/v1/users/me to return a 301 redirect during OAuth-based embedding?
    Is this expected behavior in certain tenant configurations?

  2. Does the recent Qlik Cloud identity/authentication update (referenced in the changelog) introduce stricter redirect behavior or URL canonicalization that would impact OAuth embedding?

  3. Is there a requirement that the tenant must be accessed using the exact canonical region-based domain for OAuth embeds to work (e.g., <tenant>.<region>.qlikcloud.com)?

  4. Is there any known issue where the Identity Provider or CSP configuration can trigger an unexpected redirect from the /users/me endpoint?

  5. What is the recommended approach to prevent or handle this redirect so that the embed component can successfully establish the session?

Attached Logs / Screenshots

  • Screenshot of the 301 response for /api/v1/users/me.

  • Screenshot of the “Connection lost” error.
    image (27).pngimage (26).png

Labels (1)
Labels
71 Views
1 Reply
alex_colombo
Employee
Employee
Thursday

Hey @HimabinduBunga 301 response code is not the root cause of the issue. I've just tested a qlik-embed + Oauth process and that API call is part of the authorization process. There is a redirection behind that API so it is ok from my point of view.
I'd like to see your code where you are defining the qlik-embed host config configuration, your callback html page and your qlik-embed html tag, plus your OAuth client configuration from MC. Can you please share this?

33 Views
0 Likes