Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
See why IDC MarketScape names Qlik a 2025 Leader! Read more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
master_t
Partner - Creator II
Partner - Creator II
‎2023-10-05 06:04 AM

Qlik Cloud login API not working

Hello fellow devs

I'm trying to invoke the 

/login/jwt-session

API in Qlik Cloud to get an authentication cookie, like described here:

https://qlik.dev/apis/rest/login#%23%2Fentries%2Flogin%2Fjwt-session-post

However, I'm receiving the following error every time:

{
    "errors": [
        {
            "title": "Invalid token request",
            "detail": "JWT_LOGIN_VALIDATIONS Missing required claim: jti",
            "code": "INTERNAL-TOKEN-1",
            "status": "400"
        }
    ],
    "traceId": "0000000000000000bbbff3e0123f1a09"
}
 
The server is telling me that the "jti" claim is missing, however this is false. I've decoded the JWT token that I'm sending and, as you can see, all the required claims are there, including "jti":
 
master_t_0-1696500110617.png

 

The jti claim is a GUID that I'm generating randomly every time.

Can anyone tell me what I'm doing wrong here?

Labels (3)
Labels
2,052 Views
0 Likes
1 Solution

Accepted Solutions
master_t
Partner - Creator II
Partner - Creator II
‎2023-10-06 04:40 AM
Author

Ok, I found the issue: the variable I was using in Postman to pass the token was being overridden, so I wasn't sending the correct value. Sorry for wasting your time guys, and thanks for the support.

View solution in original post

1,969 Views
7 Replies
Øystein_Kolsrud
Employee
Employee
‎2023-10-05 06:41 AM

Looking at the logs for that trace ID it seems you are calling the jwt-session with an argument that it looks like is containing your JWT. Is that correct? I believe the JWT should be passed in the authorization header of the call.

2,036 Views
0 Likes
Damien_V
Support
Support
‎2023-10-05 06:44 AM

I might be wrong but if I remember correctly Qlik Cloud expects the "jti" claim in the JWT header and not in the JWT payload.

If the issue is solved please mark the answer with Accept as Solution.
2,030 Views
0 Likes
master_t
Partner - Creator II
Partner - Creator II
‎2023-10-05 07:01 AM
Author

In response to Damien_V

@Damien_V : I've added jti to the header:

master_t_0-1696503515219.png

 

But I get the same error

 

@Øystein_Kolsrud I'm passing the JWT token via the Authorization attribute, with the usual "Bearer XXX" syntax, where XXX is the token. I was doing some testing with different parameters so maybe that log is not indicative, would you be so kind to check this trace id:

000000000000000075caa0309fa9b57d
 
this I've just made, with no parameters in the URL, just the bearer token, with the jti value also added to the header.
2,019 Views
0 Likes
Øystein_Kolsrud
Employee
Employee
‎2023-10-05 10:56 AM

In response to master_t

I can confirm that I don't see the parameter for that trace ID. I can't really tell you what is wrong with your setup, but if you would like to test if your JWT is correct, then you could try out this example:

https://github.com/kolsrud/qlik_rest_sdk/blob/master/Qlik.Sense.RestClient/Examples/QcsConnectJwt/Pr...

Just replace the jwt passed to the method AsJsonWebTokenViaQcs with the one you generate and see if you can connect. If you can't then you'll know there's something wrong with your JWT generation, but if you can connect with that one, then you'll know your problem is with how you pass the JWT to QCS.

2,005 Views
0 Likes
Damien_V
Support
Support
‎2023-10-05 08:48 PM

@master_t 

Ok, I double-checked and you're right, jti is in the payload.

I compared with my own JWT token and the only difference I see is the algorithm which is not the same.
You're using RS512 and I use RS256

Can you try with RS256 and see if that works or not?

If the issue is solved please mark the answer with Accept as Solution.
1,996 Views
master_t
Partner - Creator II
Partner - Creator II
‎2023-10-06 04:22 AM
Author

@Damien_V  I've switched to RS256, but same result. You can check it on trace ID 

0000000000000000027705fba6143e20
 
@Øystein_Kolsrud the token works, I know because in the same application I am using it to access the QS Engine, like this:
var cloudLocation = QcsLocation.FromUri(uri);
cloudLocation.AsJwt(token);

and it doesn't give me any issues, it connects and I can get data from apps and all the rest.

Here is the full request I'm sending, if it is any help:

Request Headers
	Content-Type: application/json
	Authorization: Bearer eyJhbGciOi...
	User-Agent: PostmanRuntime/7.33.0
	Accept: */*
	Postman-Token: e5238ab3-61bc-4724-978c-7610a34f2c6e
	Host: xxxxxxxx.eu.qlikcloud.com
	Accept-Encoding: gzip, deflate, br
	Connection: keep-alive
	Content-Length: 2
Request Body
	{}
1,974 Views
0 Likes
master_t
Partner - Creator II
Partner - Creator II
‎2023-10-06 04:40 AM
Author

Ok, I found the issue: the variable I was using in Postman to pass the token was being overridden, so I wasn't sending the correct value. Sorry for wasting your time guys, and thanks for the support.

1,970 Views