Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Do More with Qlik - Qlik Cloud Analytics Recap and Getting Started, June 19: REGISTER
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
_Johan
Partner - Contributor III
Partner - Contributor III
‎2024-05-14 04:13 AM

What setup differences are there between an oauth2 embedding and oauth2 impersonation? And how do I know it is working?

Hi,

This example describes the oauth2 setup for embedding. My understanding is that one also need to set up and configure an identity provider to get it to work.

This example describes impersonation setup for embedding. Using a modified version that fits my needs, I get an "Authorize" button as expected in the oauth2 case since it doesn't seem to use or look at the "getAccessToken" function to get the available access token. Instead it sends cookies to try to verify that the user is logged in.
Have I made any setup misstakes?
Do I need to set up an Identity provider in the impersonation case as well?

In the impersonation example the token is supposed to come from the getAccessToken function. Is there a way to determine that that one is set up correctly? At the moment it doesn't seem to be triggered for me.
Is there a fallback on the impersonation so that it will try to use the normal oauth approach?

Kind regards
Johan

Labels (5)
Labels
157 Views
1 Solution

Accepted Solutions
DaveChannon
Employee
Employee
4 weeks ago

Hey @_Johan 

With OAuth SPA, yes, you need an interactive identity provider in your tenant. Your web app will redirect to the tenant, which redirects to the auth, which directs back to the tenant. The user then provides consent (or not if client is trusted) and can access analytics in your app.

The M2M impersonation approach doesn't need cookies (although they will be set with some embedding techniques). That getAccessToken function retrieves an impersonation token, and qlik-embed handles the interaction with Qlik Cloud. There is no fall back to OAuth SPA.

Take a look at the flows here and see if it helps describe the patterns: https://qlik.dev/authenticate/oauth/#how-does-oauth2-work-on-qlik-cloud 

View solution in original post

85 Views
0 Likes
1 Reply
DaveChannon
Employee
Employee
4 weeks ago

Hey @_Johan 

With OAuth SPA, yes, you need an interactive identity provider in your tenant. Your web app will redirect to the tenant, which redirects to the auth, which directs back to the tenant. The user then provides consent (or not if client is trusted) and can access analytics in your app.

The M2M impersonation approach doesn't need cookies (although they will be set with some embedding techniques). That getAccessToken function retrieves an impersonation token, and qlik-embed handles the interaction with Qlik Cloud. There is no fall back to OAuth SPA.

Take a look at the flows here and see if it helps describe the patterns: https://qlik.dev/authenticate/oauth/#how-does-oauth2-work-on-qlik-cloud 

86 Views
0 Likes