Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.
All of the examples of the mashup/capability API in node.js that I've seen use the qlik-auth module. The drawback of the qlik-auth module is that it relies on redirection through the proxy to obtain a ticket.
What I would like to do is obtain a ticket via ajax, and defer loading the qlik client until the ticket is returned.
There doesn't, however, seem to be an API in the client to pass in the ticket and/or session and the qlik client assumes that a valid cookie is set when loaded, otherwise it redirects to the authentication URL in the virtual proxy.
How can the qlik js client be loaded without needing to be redirected to the authentication url by using the QPS session API to first obtain a ticket?
Hey Chris,
The http://sense-demo.qlik.com site does exactly that. We fetch a ticket in the background, then we consume said ticket by just issuing a GET against a resource behind the proxy with the ticket attached to it. Once the ticket has been consumed and the session cookie is present in the client you can just inject the qlik.js script into the head or manually bootstrap our API onto the page.
Process
1. Browser requests ticket from server component.
2. Server component issues ticket to user/browser
3. Browser consumes ticket by requesting https://<your QS server>/resources/img/dark_noise_16x16.png?qlikTicket=<yourticket>
4. QS Server returns the image and a Set Cookie header.
5. Discard the image and just load the qlik.js API
Hey Chris,
The http://sense-demo.qlik.com site does exactly that. We fetch a ticket in the background, then we consume said ticket by just issuing a GET against a resource behind the proxy with the ticket attached to it. Once the ticket has been consumed and the session cookie is present in the client you can just inject the qlik.js script into the head or manually bootstrap our API onto the page.
Process
1. Browser requests ticket from server component.
2. Server component issues ticket to user/browser
3. Browser consumes ticket by requesting https://<your QS server>/resources/img/dark_noise_16x16.png?qlikTicket=<yourticket>
4. QS Server returns the image and a Set Cookie header.
5. Discard the image and just load the qlik.js API
Thanks Alexander!
Once the ticket has been consumed and the session cookie is present in the client you can just inject the qlik.js script into the head or manually bootstrap our API onto the page.
I have a follow-up question regarding this. The node.js mashup example uses a third approach, which is to load the master require.js (full html here😞
<script src="http://<hostname>:<hostport>/resources/assets/external/requirejs/require.js"></script>
What's the difference between loading this require.js file (which is different stock require.js) and directly loading the qlik.js file? Also, can you give an example of manually bootstrapping the API? I'm not quite sure what you mean by that.
Alexander, could you clarify how exactly "1. Browser requests ticket from server component." is achieved?
This sounds like exactly what I need to do as I need to authenticate (get session for a user) via client side ajax...care to elaborate?
Hi Robert,
You can read more about the authentication API here:
Authentication API ‒ Qlik Sense
The service that is used to actually obtain a ticket is here:
If you were using normal authentication, then you wouldn't have to worry about getting a ticket since the app would do it on your behalf, but if you are using a proxy with an authentication module (as would be the case in most node.js examples), then the service you deploy (i.e. the node.js app) calls the ticket method in the QPS after using whatever authentication the application defines.
Hope that helps.
~Chris
IMHO, the best place to start would be to work through one of the examples of a mashup application in node.js or the .net SDK.
That should give you a pretty good understanding of the architecture behind mashups.
If you've already gotten that far, then you'd have to give us more details on what else you'd like to know about the approach that Alexander laid out.
~Chris
When you are loading the requirejs file from behind the proxy a authentication check is performed.
So if you are not authenticated when the page tries to load requirejs it will trigger the authentication re-direct.
You build a server component that is trusted by Qlik Sense by certificates.
Your server component is responsible for authenticating the user, if that is successful you request a ticket for the user and pass it along.
Just if it helps anyone - the dark_noise picture moved location
/resources/img/core/dark_noise_16x16.png