Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us in Toronto Sept 9th for Qlik's AI Reality Tour! Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
FernandoOliveiraAE
Contributor
Contributor
‎2024-04-25 05:30 PM

JWT authentication in mashup error 401 AUTH-1

Could anyone help me identify what might be wrong with this code, as it's returning error 401 AUTH-1

const fs = require("fs");
const uid = require("uid-safe");
const jwt = require("jsonwebtoken");

const payload = {
  jti: uid.sync(32), // 32 bytes random string
  sub: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  subType: "user",
  name: "XXXXXX",
  email: "XXXXXXXXXXXXXXXXXXXXXX",
  email_verified: true,
  groups: ["Administrators", "Sales", "Marketing"],
};

const privateKeyPath = "./privatekey.pem";
const privateKey = fs.readFileSync(privateKeyPath, "utf8");

const headerOptions = {
  algorithm: "HS256",
  keyid: "XXXXXXXXXX",
};

const signOptions = {
  issuer: "XXXXXXXXX.us.qlikcloud.com",
  expiresIn: "5m",
  notBefore: "1s",
  audience: "qlik.api/login/jwt-session",
};

function generateToken() {
  const myToken = jwt.sign(payload, privateKey, {
    ...headerOptions,
    ...signOptions,
  });
  return myToken;
}

let token = generateToken();

var config = {
  host: "XXXXXXXX.us.qlikcloud.com",
  prefix: "/",
  port: 443,
  isSecure: true,
  webIntegrationId: "XXXXXXXXXXXXXXXXXXXXXXXXX",
};

async function login() {
  const response = await fetch(
    `https://${config.host}/login/jwt-session?qlik-web-integration-id=${config.webIntegrationId}`,
    {
      method: "POST",
      credentials: "include",
      mode: "cors",
      headers: {
        "content-type": "application/json",
        Authorization: `Bearer ${token}`,
        "qlik-web-integration-id": config.webIntegrationId
      },
      rejectunAuthorized: false
    }
  );

  console.log(await response.text());

  if ((response.status) !== 200) {
    console.log(await response.text());
    throw new Error("Failed to login via JWT");
  }
}

async function initialize() {
  try {
      await login();
      configureQlik();
  } catch (error) {
      console.error("Error during initialization:", error.message);
  }
}

function configureQlik() {
  require.config({
      baseUrl: `${config.isSecure ? "https://" : "http://"}${config.host}${config.port ? ":" + config.port : ""}${config.prefix}resources`,
      webIntegrationId: config.webIntegrationId
  });

  require(["js/qlik"], function (qlik) {
      qlik.on("error", function (error) {
          $('#popupText').append(error.message + "<br>");
          $('#popup').fadeIn(1000);
      });
      $("#closePopup").click(function () {
          $('#popup').hide();
      });

      var app = qlik.openApp('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', config);
      app.visualization.get('XXXXXXXX').then(function (vis) {
          vis.show("QV01");
      });
  });
}

(async function() {
  try {
    await initialize();
  } catch (error) {
    console.error("Initialization failed:", error);
  }
})();
Labels (2)
Labels
929 Views
2 Replies
Levi_Turner
Employee
Employee
‎2024-04-30 02:31 PM

I'd recommend consulting this doc (https://qlik.dev/authenticate/jwt/implement-jwt-authorization/), in a quick scan through (by someone not particularly talented at JavaScript), you're using HS256 whereas we want RS256. Given that we do public / private validation, you can't swap the algos. I would work through known good then adapt to your use case.

857 Views
0 Likes
FernandoOliveiraAE
Contributor
Contributor
‎2024-04-30 03:17 PM
Author

In response to Levi_Turner

Thanks, but I had already made the change and still couldn't get it to work as expected.
I saw that I need to do it object by object and not as I would like, which would be to take the entire app

852 Views
0 Likes