michaelleung9447
Partner - Contributor

Seemingly unstable JWT Authentication for Qlik SaaS Mashup

Hi All,

Recently I started to develop a POC with JWT authentication in one of my client's Qlik SaaS instances and attempted to develop a mashup without the need for human interaction.

I have followed the documentation on how to set the JWT up in the developer pages Create Signed Tokens for JWT Authorization | Qlik Developer Portal and Implement JWT Authorization | Qlik Developer Portal, set up a local development node.js server for making the calls, adapted the provided JWT signing script to use the details of our client, and also configured a JWT identity provider with my node.js development server's local IP address as issuer (with https enabled), with the web content policy set up to whitelist it.

Everything seems to go well, and the JWT authenticates successfully, well, most of the time:

[attachment: Success.png]

On other occasions though, the authentication would return 401 Unauthorized as the response code, with the exact same script and the exact same development server instance:

[attachment: Fail.png]

I have therefore implemented a retry mechanism in the script to retry at least 10 times with newly generated tokens until it returns a 200 code and is successfully authenticated. Now it seems to work most of the time.

Still, I have no idea why the authentication would sometimes work and sometimes fail, since virtually nothing is different between a successful authentication and a failed one except that I open a new browser window in incognito mode. Has anyone encountered a similar issue, and if so, how did you resolve it in a more efficient and robust way than retrying 10 times?

I have also attached the JavaScript script I used, with all the details in the clear, for reference. The node.js development server is the out-of-the-box setup using parcel, with the configuration "scripts": { "start": "parcel --host 127.0.0.1 Page1.html --https" }. The OpenSSL version is Win64OpenSSL-1_1_1q. Private key and public key generation are the same as in the tutorial.

Thanks,

Michael


Accepted Solutions
hliang
Partner - Contributor II

To anyone who was pulling their hair out like me in the last couple of months: check your iat during token signing, which is set automatically to the current time by default by the jsonwebtoken signing module...

Apparently, for some weird unknown reason (likely something to do with the node.js settings, etc.), in my setup the time set in iat could sometimes be in the future (e.g., 1 minute in the future), and as a result the notBefore setting, which takes the iat time as its base, could sometimes be in the future as well, causing the JWT to not be valid at the time the token was generated and used...

After I forced the iat to always be at least 1 minute in the past from the current time, the authentication has worked 100% of the time as far as I can observe for now...


4 Replies
Eugene_Sleator
Support

Hi @michaelleung9447, does your JWT contain the required jti and nbf attributes?

Refer to this article;

Update to JWT Authorization for Qlik Sense Cloud

hliang
Partner - Contributor II

Hi Eugene,

Yes I did: the jti is set to uuidv4().toString() and nbf is set to 0s. And now sometimes it cannot connect even after retrying 20 times, which is very bizarre...

michaelleung9447
Partner - Contributor
Author

Apologies, that was my other account. Yes I did: the jti is set to uuidv4().toString() and nbf is set to 0s. And now sometimes it cannot connect even after retrying 20 times, which is very bizarre...
