pdimitrakis
Contributor III

JWT suddenly stopped working (401 unauthorized)

Hello,

We have been using JWT authentication to access a mashup webpage since 03/2024.

We needed some help then as seen in our question back then:

https://community.qlik.com/t5/Integration-Extension-APIs/JWT-authentication-in-mashup/m-p/2435434

 

Ten days ago, the JWT authentication suddenly stopped working, and the response to all requests from various browsers and PCs is the same:

{
    "errors": [
        {
            "title": "Unauthorized",
            "code": "AUTH-1",
            "status": "401"
        }
    ],
    "traceId": "51a5bfec3f6a857bed9dc7fb96cc23a6"
}

 

 

We already tried recreating the key pair to test if that was the root of the problem, with no success.

Any thoughts?
Thanks in advance

1 Solution

Accepted Solutions
pdimitrakis
Contributor III
Author

The problem was the setting of the following two parameters in the token.

  • Not before (nbf): identifies the starting time on which the JWT is accepted.
  • Issued at (iat): identifies the time at which the JWT was issued.

 

We are creating the JWT token in PHP as follows:

$the_time = time() - 10; // start time is 10 seconds ago

$exp_time = $the_time + 60 * 60; // expiration time is 60 minutes after the start

and in the token:


{
"jti": 1720591311,
"iss": "issuer",
"aud": "qlik.api/login/jwt-session",
"sub": "6456c639a7ec9b1be923689c",
"subType": "user",
"iat": $the_time,
"nbf": $the_time,
"exp": $exp_time,
"name": "John Doe",
"email": "name@domain.com",
"email_verified": true
}

 

The problem was in the 10 seconds setting.

Setting the issue time and not before time to 5 minutes ago did the trick.

$the_time = time() - 300; // start time is 300 seconds ago

 

It seems that somehow the Qlik tenant time got desynchronized over time, since the original setting with the 10-second interval worked like a charm for 3 months.

I hope my notes are useful to others.
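
The failure mode described in this answer, as an added example (not the poster's code and not Qlik's): it simulates a verifier whose clock runs behind the token issuer's and shows why a 10-second backdate on iat/nbf is rejected while a 300-second one passes. The function names, the 45-second skew, the sample Date header and the zero default leeway are assumptions; the page does not state how the tenant validates these claims.

```php
<?php
// Added example, not the poster's code. The skew, the sample header and the
// leeway are assumptions; the page does not state the tenant's tolerance.

/** Build the time claims the way the post does: backdate iat/nbf, 60 min lifetime. */
function make_time_claims(int $issuerNow, int $backdate): array
{
    $start = $issuerNow - $backdate;
    return ['iat' => $start, 'nbf' => $start, 'exp' => $start + 60 * 60];
}

/** Return the time claims a verifier would reject when its clock reads $verifierNow. */
function rejected_claims(array $claims, int $verifierNow, int $leeway = 0): array
{
    $failed = [];
    if ($claims['nbf'] > $verifierNow + $leeway) { $failed[] = 'nbf'; }  // not yet valid
    if ($claims['iat'] > $verifierNow + $leeway) { $failed[] = 'iat'; }  // issued "in the future"
    if ($claims['exp'] <= $verifierNow - $leeway) { $failed[] = 'exp'; } // expired
    return $failed;
}

/** Issuer clock minus verifier clock, taken from the verifier's HTTP Date response header. */
function clock_skew(int $issuerNow, string $httpDate): int
{
    $verifierNow = strtotime($httpDate);
    if ($verifierNow === false) {
        throw new InvalidArgumentException("unparseable Date header: $httpDate");
    }
    return $issuerNow - $verifierNow;
}

// Constructed sample: the issuer clock reads 12:00:45 UTC while the verifier's
// Date header says 12:00:00, so the issuer is 45 seconds ahead.
$issuerNow   = gmmktime(12, 0, 45, 7, 10, 2024);
$skew        = clock_skew($issuerNow, 'Wed, 10 Jul 2024 12:00:00 GMT');
$verifierNow = $issuerNow - $skew;

foreach ([10, 300] as $backdate) {
    $failed = rejected_claims(make_time_claims($issuerNow, $backdate), $verifierNow);
    printf("backdate %3ds, skew %+ds: %s\n", $backdate, $skew,
        $failed ? 'rejected (' . implode(', ', $failed) . ')' : 'accepted');
}
// Logging the measured skew on each token request shows which clock drifted
// and how much of the backdate margin is left.
```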
