Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Edit:
A few days ago qs-jwt 1.10.0 was released.
The main new feature is support for QS Cloud JWTs.
With this version it's now very easy to automate JWT creation for both QS Cloud and client-managed Qlik Sense, for example when short lived credentials (in the form of JWTs) should be created as part of a CI/CD pipeline or to give some third party system time-limited access to QS.
qs-jwt is still open source and free to use, of course.
Latest version available here.
--------------
tl;dr
Long version
JWTs are an excellent, well established way to provide authenticated access to APIs.
With client-managed Qlik Sense (=QSEoW) certificates provide very flexible authentication, but therein also lies a problem: With certificate access to Sense APIs the calling system can impersonate any user, which is less than ideal from a security point of view.
There are some good posts on qlik.dev around JWTs. Both how to create them and how to set up virtual proxies to work with JWTs.
I however still felt the whole process of creating JWTs was too manual.
And not at all suited for production grade use in CI/CD pipelines etc.
So... enter qs-jwt.
https://github.com/ptarmiganlabs/qs-jwt
It's cross platform (Win, macOs, Linux).
It's a single binary, no installation needed. Just download and run.
It is specifically created to be easy to use in automation scripts and Continuous Integration (CI) pipelines.
It can create JWTs for client-managed Qlik Sense. Qlik Cloud support is around the corner.
It creates JWTs that embed both user identify and any other metadata than can be expressed in string format.
It places an expiry time in the JWT, making the JWT useless after that moment.
It can use an existing set of private key/certificate, or create new ones.
The macOS binary is signed by Apple. A signed Windows binary just might be coming too..
It has an easy to understand, permissive MIT open source license.
Enjoy!
Seems really interesting, I'll give it a good try. Thanks @mountaindude !
Riccardo