Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
We are trying to get Qlik Cloud to work using JWT auth, we followed all steps in this article Create Signed Tokens for JWT Authorization | Qlik Developer Portal, and also configured the web integration for the test origin, but couldn't get it to work. We are using following test code, and always get 401 error, not sure what is wrong or missing. I wonder if anyone who did this before can shed some light, thanks.
<script type="text/javascript">
function login() {
function isLoggedIn() {
return fetch("https://**********.us.qlikcloud.com/api/v1/users/me", {
method: 'GET',
mode: 'cors',
credentials: 'include',
headers: {
'qlik-web-integration-id': '##########',
'Authorization': 'Bearer eyJhbGciOiJSUxQ7Ntgare5QTKqENgcY78dgWUYIN54QwRuspk37tVOcdR2vv3KjAZQ6###########'
},
}).then(response => {
return response.status === 200;
});
}
return isLoggedIn().then(loggedIn => {
if (!loggedIn) {
alert('You are not logged in');
}else{
alert('You are logged in');
}
});
}
login()
</script>
In your screenshot, it's showing you're doing a GET request to /login/jwt-session instead of a POST, that's why it returns 404.
The javascript code should be something like this:
var config = {
host: 'yourtenant.us.qlikcloud.com',
prefix: '/',
port: 443,
isSecure: true,
webIntegrationId: 'F2czdB5yjECRAGLuIi4hiiTEgNjPpW2R',
jwt: 'eyJhbGciOi...VviRm5uOm_0P85_REW_8vgW9O6ueRDg-ErDNNspY7bPZsx2jKgJKyxWgp1dLyq5Hh_HcD7SBh5xbqD8vjkhrhPMAJ-jU98SHcvi33YqCbd8gdHTiDXP3YUuV5ptMKo5ATmcMUb2JhPQMviGLJfCWkJoUhffGOktKSZ36HIiTTfg'
};
//Redirect to login if user is not logged in
async function login() {
function isLoggedIn() {
return fetch("https://"+config.host+"/api/v1/users/me", {
method: 'GET',
mode: 'cors',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
'qlik-web-integration-id': config.webIntegrationId
},
}).then(response => response.status === 200);
}
return isLoggedIn().then((loggedIn) => {
if (!loggedIn) {
return fetch("https://"+config.host+"/login/jwt-session", {
method: 'POST',
mode: 'cors',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
'qlik-web-integration-id': config.webIntegrationId,
'Authorization':'Bearer '+config.jwt
},
}).then((response) => {
if (response.status !== 200) {
throw new Error('failed to login via jwt');
}
});
}
});
}
login().then(() => {
require.config({
baseUrl: ( config.isSecure ? "https://" : "http://" ) + config.host + (config.port ? ":" + config.port : "") + config.prefix + "resources",
webIntegrationId: config.webIntegrationId
});
require( ["js/qlik"], function ( qlik ) {
qlik.on( "error", function ( error ) {
$( '#popupText' ).append( error.message + "<br>" );
$( '#popup' ).fadeIn( 1000 );
} );
$( "#closePopup" ).click( function () {
$( '#popup' ).hide();
} );
//open apps -- inserted here --
var app = qlik.openApp( 'fd91cc5b-b59b-4a5f-bfb8-3de888b3882c', config );
//get objects -- inserted here --
app.visualization.get('jCFJJ').then(function(vis){
vis.show("QV01");
});
});
});
Hi @Jason_ca
By default, JWT authentication is not enabled on the license. It has to be approved by the Product management team.
Does your license has JWT enabled? If not reach out to your Qlik account manager or Customer support who can help you with enabling the JWT on your license.
I hope this helps!
Thank you @Vinay_B , I will follow up with our Qlik account manager and let you know the result.
Thanks again for your quick response!
Jason
Hello,
And even if that was enabled, it's not enough to send the JWT token to any endpoint in Qlik Sense SaaS, there is a specific endpoint used to initiate the JWT authentication session (https://**********.us.qlikcloud.com/login/jwt-session)
So the code would have to look like something like this:
return fetch("https://**********.us.qlikcloud.com/login/jwt-session", {
method: 'POST',
mode: 'cors',
credentials: 'include',
headers: {
'qlik-web-integration-id': '##########',
'Authorization': 'Bearer eyJhbGciOiJSUxQ7Ntgare5QTKqENgcY78dgWUYIN54QwRuspk37tVOcdR2vv3KjAZQ6###########'
},
Thank you Damien, but now I'm getting a 404 error.
We confirmed with Qlik account manager, the JWT is already enabled, but still we could not get this to work.
In your screenshot, it's showing you're doing a GET request to /login/jwt-session instead of a POST, that's why it returns 404.
The javascript code should be something like this:
var config = {
host: 'yourtenant.us.qlikcloud.com',
prefix: '/',
port: 443,
isSecure: true,
webIntegrationId: 'F2czdB5yjECRAGLuIi4hiiTEgNjPpW2R',
jwt: 'eyJhbGciOi...VviRm5uOm_0P85_REW_8vgW9O6ueRDg-ErDNNspY7bPZsx2jKgJKyxWgp1dLyq5Hh_HcD7SBh5xbqD8vjkhrhPMAJ-jU98SHcvi33YqCbd8gdHTiDXP3YUuV5ptMKo5ATmcMUb2JhPQMviGLJfCWkJoUhffGOktKSZ36HIiTTfg'
};
//Redirect to login if user is not logged in
async function login() {
function isLoggedIn() {
return fetch("https://"+config.host+"/api/v1/users/me", {
method: 'GET',
mode: 'cors',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
'qlik-web-integration-id': config.webIntegrationId
},
}).then(response => response.status === 200);
}
return isLoggedIn().then((loggedIn) => {
if (!loggedIn) {
return fetch("https://"+config.host+"/login/jwt-session", {
method: 'POST',
mode: 'cors',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
'qlik-web-integration-id': config.webIntegrationId,
'Authorization':'Bearer '+config.jwt
},
}).then((response) => {
if (response.status !== 200) {
throw new Error('failed to login via jwt');
}
});
}
});
}
login().then(() => {
require.config({
baseUrl: ( config.isSecure ? "https://" : "http://" ) + config.host + (config.port ? ":" + config.port : "") + config.prefix + "resources",
webIntegrationId: config.webIntegrationId
});
require( ["js/qlik"], function ( qlik ) {
qlik.on( "error", function ( error ) {
$( '#popupText' ).append( error.message + "<br>" );
$( '#popup' ).fadeIn( 1000 );
} );
$( "#closePopup" ).click( function () {
$( '#popup' ).hide();
} );
//open apps -- inserted here --
var app = qlik.openApp( 'fd91cc5b-b59b-4a5f-bfb8-3de888b3882c', config );
//get objects -- inserted here --
app.visualization.get('jCFJJ').then(function(vis){
vis.show("QV01");
});
});
});
I changed the end point url to 'https://******.us.qlikcloud.com/api/v1/login/jwt-session', seems it exists but now I'm getting a blocked error by CORS policy:
Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.
Is there a setting I missed when set up the Web integration?
Thanks.
Indeed, that looks like the web integration might not have been set up correctly. Here's mine:
Thank you Damien, I changed the method to POST with end point URL (https://**********.us.qlikcloud.com/login/jwt-session)), and it worked like magic, thank you very much for your help!