Skip to main content
Announcements
See what Drew Clarke has to say about the Qlik Talend Cloud launch! READ THE BLOG
cancel
Showing results for 
Search instead for 
Did you mean: 
master_t
Partner - Creator II
Partner - Creator II

Qlik Cloud login API not working

Hello fellow devs

I'm trying to invoke the 

/login/jwt-session

API in Qlik Cloud to get an authentication cookie, like described here:

https://qlik.dev/apis/rest/login#%23%2Fentries%2Flogin%2Fjwt-session-post

However, I'm receiving the following error every time:

{
    "errors": [
        {
            "title": "Invalid token request",
            "detail": "JWT_LOGIN_VALIDATIONS Missing required claim: jti",
            "code": "INTERNAL-TOKEN-1",
            "status": "400"
        }
    ],
    "traceId": "0000000000000000bbbff3e0123f1a09"
}
 
The server is telling me that the "jti" claim is missing, however this is false. I've decoded the JWT token that I'm sending and, as you can see, all the required claims are there, including "jti":
 
master_t_0-1696500110617.png

 

The jti claim is a GUID that I'm generating randomly every time.

Can anyone tell me what I'm doing wrong here?

Labels (3)
1 Solution

Accepted Solutions
master_t
Partner - Creator II
Partner - Creator II
Author

Ok, I found the issue: the variable I was using in Postman to pass the token was being overridden, so I wasn't sending the correct value. Sorry for wasting your time guys, and thanks for the support.

View solution in original post

7 Replies
Øystein_Kolsrud
Employee
Employee

Looking at the logs for that trace ID it seems you are calling the jwt-session with an argument that it looks like is containing your JWT. Is that correct? I believe the JWT should be passed in the authorization header of the call.

Damien_V
Support
Support

I might be wrong but if I remember correctly Qlik Cloud expects the "jti" claim in the JWT header and not in the JWT payload.

If the issue is solved please mark the answer with Accept as Solution.
master_t
Partner - Creator II
Partner - Creator II
Author

@Damien_V : I've added jti to the header:

master_t_0-1696503515219.png

 

But I get the same error

 

@Øystein_Kolsrud I'm passing the JWT token via the Authorization attribute, with the usual "Bearer XXX" syntax, where XXX is the token. I was doing some testing with different parameters so maybe that log is not indicative, would you be so kind to check this trace id:

000000000000000075caa0309fa9b57d
 
this I've just made, with no parameters in the URL, just the bearer token, with the jti value also added to the header.
Øystein_Kolsrud
Employee
Employee

I can confirm that I don't see the parameter for that trace ID. I can't really tell you what is wrong with your setup, but if you would like to test if your JWT is correct, then you could try out this example:

https://github.com/kolsrud/qlik_rest_sdk/blob/master/Qlik.Sense.RestClient/Examples/QcsConnectJwt/Pr...

Just replace the jwt passed to the method AsJsonWebTokenViaQcs with the one you generate and see if you can connect. If you can't then you'll know there's something wrong with your JWT generation, but if you can connect with that one, then you'll know your problem is with how you pass the JWT to QCS.

Damien_V
Support
Support

@master_t 

Ok, I double-checked and you're right, jti is in the payload.

I compared with my own JWT token and the only difference I see is the algorithm which is not the same.
You're using RS512 and I use RS256

Can you try with RS256 and see if that works or not?

If the issue is solved please mark the answer with Accept as Solution.
master_t
Partner - Creator II
Partner - Creator II
Author

@Damien_V  I've switched to RS256, but same result. You can check it on trace ID 

0000000000000000027705fba6143e20
 
@Øystein_Kolsrud the token works, I know because in the same application I am using it to access the QS Engine, like this:
var cloudLocation = QcsLocation.FromUri(uri);
cloudLocation.AsJwt(token);

and it doesn't give me any issues, it connects and I can get data from apps and all the rest.

Here is the full request I'm sending, if it is any help:

Request Headers
	Content-Type: application/json
	Authorization: Bearer eyJhbGciOi...
	User-Agent: PostmanRuntime/7.33.0
	Accept: */*
	Postman-Token: e5238ab3-61bc-4724-978c-7610a34f2c6e
	Host: xxxxxxxx.eu.qlikcloud.com
	Accept-Encoding: gzip, deflate, br
	Connection: keep-alive
	Content-Length: 2
Request Body
	{}
master_t
Partner - Creator II
Partner - Creator II
Author

Ok, I found the issue: the variable I was using in Postman to pass the token was being overridden, so I wasn't sending the correct value. Sorry for wasting your time guys, and thanks for the support.