Solved: Re: JWT Auth in Qlik Cloud - Qlik Community

Jason_ca · ‎2021-10-22

We are trying to get Qlik Cloud to work using JWT auth, we followed all steps in this article Create Signed Tokens for JWT Authorization | Qlik Developer Portal, and also configured the web integration for the test origin, but couldn't get it to work. We are using following test code, and always get 401 error, not sure what is wrong or missing. I wonder if anyone who did this before can shed some light, thanks.

Damien_V · ‎2021-10-26

In your screenshot, it's showing you're doing a GET request to /login/jwt-session instead of a POST, that's why it returns 404.

The javascript code should be something like this:

var config = {
    host: 'yourtenant.us.qlikcloud.com',
    prefix: '/',
    port: 443,
    isSecure: true,
    webIntegrationId: 'F2czdB5yjECRAGLuIi4hiiTEgNjPpW2R',
	jwt: 'eyJhbGciOi...VviRm5uOm_0P85_REW_8vgW9O6ueRDg-ErDNNspY7bPZsx2jKgJKyxWgp1dLyq5Hh_HcD7SBh5xbqD8vjkhrhPMAJ-jU98SHcvi33YqCbd8gdHTiDXP3YUuV5ptMKo5ATmcMUb2JhPQMviGLJfCWkJoUhffGOktKSZ36HIiTTfg'
};

//Redirect to login if user is not logged in
async function login() {
    function isLoggedIn() {
        return fetch("https://"+config.host+"/api/v1/users/me", {
            method: 'GET',
            mode: 'cors',
            credentials: 'include',
            headers: {
            'Content-Type': 'application/json',
            'qlik-web-integration-id': config.webIntegrationId
            },
        }).then(response => response.status === 200);
    }

    return isLoggedIn().then((loggedIn) => {
        if (!loggedIn) {
            return fetch("https://"+config.host+"/login/jwt-session", {
                method: 'POST',
                mode: 'cors',
                credentials: 'include',
                headers: {
                    'Content-Type': 'application/json',
                    'qlik-web-integration-id': config.webIntegrationId,
                    'Authorization':'Bearer '+config.jwt
                },
            }).then((response) => {
                if (response.status !== 200) {
                    throw new Error('failed to login via jwt');
                }
            });
        }
    });
}

login().then(() => {
    require.config({
        baseUrl: ( config.isSecure ? "https://" : "http://" ) + config.host + (config.port ? ":" + config.port : "") + config.prefix + "resources",
        webIntegrationId: config.webIntegrationId
    });

    require( ["js/qlik"], function ( qlik ) {
        qlik.on( "error", function ( error ) {
            $( '#popupText' ).append( error.message + "<br>" );
            $( '#popup' ).fadeIn( 1000 );
        } );
        $( "#closePopup" ).click( function () {
            $( '#popup' ).hide();
        } );
        //open apps -- inserted here --
        var app = qlik.openApp( 'fd91cc5b-b59b-4a5f-bfb8-3de888b3882c', config );
        
        //get objects -- inserted here --
        app.visualization.get('jCFJJ').then(function(vis){
        vis.show("QV01");	
        });
    });
});

If the issue is solved please mark the answer with Accept as Solution.

View solution in original post

Vinay_B · ‎2021-10-22

Hi @Jason_ca

By default, JWT authentication is not enabled on the license. It has to be approved by the Product management team.

Does your license has JWT enabled? If not reach out to your Qlik account manager or Customer support who can help you with enabling the JWT on your license.

I hope this helps!

If this resolves your query, please click on "Accept as Solution" for confirmation. Thanks!

Jason_ca · ‎2021-10-22

Thank you @Vinay_B , I will follow up with our Qlik account manager and let you know the result.

Thanks again for your quick response!

Jason

Damien_V · ‎2021-10-25

Hello,

And even if that was enabled, it's not enough to send the JWT token to any endpoint in Qlik Sense SaaS, there is a specific endpoint used to initiate the JWT authentication session (https://**********.us.qlikcloud.com/login/jwt-session)

So the code would have to look like something like this:

return fetch("https://**********.us.qlikcloud.com/login/jwt-session", {
method: 'POST',
mode: 'cors',
credentials: 'include',
headers: {
'qlik-web-integration-id': '##########',
'Authorization': 'Bearer eyJhbGciOiJSUxQ7Ntgare5QTKqENgcY78dgWUYIN54QwRuspk37tVOcdR2vv3KjAZQ6###########'
},

If the issue is solved please mark the answer with Accept as Solution.

Jason_ca · ‎2021-10-26

Thank you Damien, but now I'm getting a 404 error.

Jason_ca · ‎2021-10-26

We confirmed with Qlik account manager, the JWT is already enabled, but still we could not get this to work.

Damien_V · ‎2021-10-26

In your screenshot, it's showing you're doing a GET request to /login/jwt-session instead of a POST, that's why it returns 404.

The javascript code should be something like this:

var config = {
    host: 'yourtenant.us.qlikcloud.com',
    prefix: '/',
    port: 443,
    isSecure: true,
    webIntegrationId: 'F2czdB5yjECRAGLuIi4hiiTEgNjPpW2R',
	jwt: 'eyJhbGciOi...VviRm5uOm_0P85_REW_8vgW9O6ueRDg-ErDNNspY7bPZsx2jKgJKyxWgp1dLyq5Hh_HcD7SBh5xbqD8vjkhrhPMAJ-jU98SHcvi33YqCbd8gdHTiDXP3YUuV5ptMKo5ATmcMUb2JhPQMviGLJfCWkJoUhffGOktKSZ36HIiTTfg'
};

//Redirect to login if user is not logged in
async function login() {
    function isLoggedIn() {
        return fetch("https://"+config.host+"/api/v1/users/me", {
            method: 'GET',
            mode: 'cors',
            credentials: 'include',
            headers: {
            'Content-Type': 'application/json',
            'qlik-web-integration-id': config.webIntegrationId
            },
        }).then(response => response.status === 200);
    }

    return isLoggedIn().then((loggedIn) => {
        if (!loggedIn) {
            return fetch("https://"+config.host+"/login/jwt-session", {
                method: 'POST',
                mode: 'cors',
                credentials: 'include',
                headers: {
                    'Content-Type': 'application/json',
                    'qlik-web-integration-id': config.webIntegrationId,
                    'Authorization':'Bearer '+config.jwt
                },
            }).then((response) => {
                if (response.status !== 200) {
                    throw new Error('failed to login via jwt');
                }
            });
        }
    });
}

login().then(() => {
    require.config({
        baseUrl: ( config.isSecure ? "https://" : "http://" ) + config.host + (config.port ? ":" + config.port : "") + config.prefix + "resources",
        webIntegrationId: config.webIntegrationId
    });

    require( ["js/qlik"], function ( qlik ) {
        qlik.on( "error", function ( error ) {
            $( '#popupText' ).append( error.message + "<br>" );
            $( '#popup' ).fadeIn( 1000 );
        } );
        $( "#closePopup" ).click( function () {
            $( '#popup' ).hide();
        } );
        //open apps -- inserted here --
        var app = qlik.openApp( 'fd91cc5b-b59b-4a5f-bfb8-3de888b3882c', config );
        
        //get objects -- inserted here --
        app.visualization.get('jCFJJ').then(function(vis){
        vis.show("QV01");	
        });
    });
});

If the issue is solved please mark the answer with Accept as Solution.

Jason_ca · ‎2021-10-26

I changed the end point url to 'https://******.us.qlikcloud.com/api/v1/login/jwt-session', seems it exists but now I'm getting a blocked error by CORS policy:

Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.

Is there a setting I missed when set up the Web integration?

Thanks.

Damien_V · ‎2021-10-26

Indeed, that looks like the web integration might not have been set up correctly. Here's mine:

If the issue is solved please mark the answer with Accept as Solution.

Jason_ca · ‎2021-10-26

Thank you Damien, I changed the method to POST with end point URL (https://**********.us.qlikcloud.com/login/jwt-session)), and it worked like magic, thank you very much for your help!