Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

Announcements
Join us in NYC Sept 4th for Qlik's AI Reality Tour! Register Now
cancel
Showing results for 
Search instead for 
Did you mean: 
jw25
Contributor II
Contributor II

Testing qlik-oss/qlik-api-ts with a QAP server, but unable to getDoc

I've been testing using the new https://github.com/qlik-oss/qlik-api-ts with an existing QAP server, (we're currently using enigma.js https://github.com/qlik-oss/enigma.js/, but I've noticed that hasn't had any official releases for over a year now..)

I have some pre-existing JWT authentication model that works (with enigma.js), that sets a qlik-jwt-token into the headers of the site, however when testing something basic like opening a specific app, the qix.openAppSession seems to work, but the appSession.getDoc() doesn't...

Code I'm trying to use: (Token authentication occuring in background already)

try {
      const appSession = await qix.openAppSession({
        ...config,
        appId: '08849f09-cc25-4635-b376-5caeb255c121'
      });
      const app = await appSession.getDoc();
      console.log("App opened successfully");
      return app;
    } catch (error) {
      console.error("Failed to open app session:", error);
    }

Network console and network tab
jw25_1-1738074311565.pngjw25_2-1738074341237.png


It seems to be trying to source a bundle https://some-domain.com/jwt/qlik-embed/main.js  and that call fails.

I know theres a library called qlik-embed, but I'm not sure why it's trying to source it from my QAP server...
 
Does anyone have any ideas? Or is https://github.com/qlik-oss/qlik-api-ts just not meant for QAP servers?
Labels (2)
1 Solution

Accepted Solutions
alex_colombo
Employee
Employee

It should be a bug in that release, It should be fixed starting May 2024.

View solution in original post

6 Replies
alex_colombo
Employee
Employee

Hey @jw25 could you please share your qlik/api setDefaultHostConfig configuration? I'd like to check if you are pointing to your jwt virtual proxy and if you are setting crossSiteCookie property.

Furthermore, the JWT auth needs to be done in the front end, fetching a Qlik resource attaching jwt token in request headers. When this is done, and cookie is set in the browser, you can proceed with qlik/api stuff.

The error in your screenshots is telling you that qlik/api is trying to get Qlik resources from your JWT VP but JWT token is not attached to request headers.

 

Below an example of fetching Qlik resource using JWT VP

await fetch(
     "https://_qlikServer_/jwt/qrs/about?xrfkey=0000000000000000",
     {
       method: "GET",
       mode: "cors",
       credentials: "include",
       headers: {
         "Content-Type": "application/json",
         "X-Qlik-xrfkey": "0000000000000000",
         Authorization: `Bearer ${token}`,
       },
     }
   )

and below qlik/api configuration for re using Qlik cookie set by previous step

auth.setDefaultHostConfig({
     host: "https://_qlikServer_/jwt",
     crossSiteCookies: true,
   });

   const appId = "_qlikAppId_";
   const session = await qix.openAppSession({ appId });
   const app = await session.getDoc();

jw25
Contributor II
Contributor II
Author

Hi Alex

Sorry for the delay.

Here's the code I use to make sure the qlik jwt cookies is generated (it was abstraced away in this qlikCmZephrService, so I've tried to pull out as much of the code as possible).


This time as well I've added the setDefaultHostConfig function.

 

this.qlikCmZephrService.generateXrfKey();
this.qlikCmZephrService.qlikHost = 'some-domain.com/jwt';
const token = 'sometoken';
const xrfKey = this.qlikCmZephrService.xrfKey
const fullPath = `https://${this.qlikCmZephrService.qlikHost}/qrs/about?xrfkey=${xrfKey}`;
// eslint-disable-next-line
const options: any = {
  method: 'GET',
  mode: 'cors',
  cache: 'no-store',
  credentials: 'include',
  headers: {
    'Content-Type': 'application/json',
    'X-Qlik-xrfkey': xrfKey,
    'Authorization': `Bearer ${token}`
  }
};
const response = await fetch(fullPath, options);
console.debug('response', response)
auth.setDefaultHostConfig({
  host: 'https://some-domain.com/jwt',
  crossSiteCookies: true,
});

try {
      const appSession = qix.openAppSession({
        appId: '08849f09-cc25-4635-b376-5caeb255c121',
        hostConfig: { host: 'some-domain.com/jwt' },
      });
      // this.appSession = await openAppSession({ appId: '08849f09-cc25-4635-b376-5caeb255c121', hostConfig: { host: this.qlikCmZephrService.qlikHost}  });
      console.log('***appSession', appSession);
      const app = await appSession.getDoc();
      console.log('***app', app);
      this.tableObject = await app.getObject(DataTable)
      console.log('***this.tableObject', this.tableObject)
    } catch (error) {
      console.warn('ERROR', error);
    }

 

 

I haven't put in the real jwt token used, but it is a RSA256 encoded one and I can see the response is working, because when I call https://some-domain.com/jwt/qrs/about?xrfkey=someexrfkey  with the bearer token in order to generate the qlik jwt cookie, the response works and I can see it setting the X-Qlik-Session-jwt cookie in the network tab:

jw25_0-1738074544038.png

 


 
Updating Media

 

 

So even though that response to authenticate and authorise is successful, now in the console it isn't a 400 error anymore, it's a 404 (not found) error for that url again:

https://some-domain.com/jwt/qlik-embed/main.js 

jw25_2-1738074640069.png


And just for some further context, we're using this type of server: i.e. the sort where you have to put /qmc on the domain to access the admin terminal, with a custom Virtual 

jw25_4-1738074710866.png

 


Any idea's on why the 404? or is what I'm doing not necessarily compatible with the type of qlik server/authentication model we're using.

 

Thanks

Jo

alex_colombo
Employee
Employee

Which Qlik Sense on prem version are you using?

jw25
Contributor II
Contributor II
Author

Qlik Sense February 2024 Patch 15 - 14.173.23

jw25_5-1738074791187.png

 

 

 

alex_colombo
Employee
Employee

It should be a bug in that release, It should be fixed starting May 2024.

jw25
Contributor II
Contributor II
Author

Thanks Alex, with the new update it's now working!