Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team
This article explains how to request an access token manually from your Identity provider token endpoint and verify user information from the /userinfo endpoint.
Qlik Cloud (Except for "ADFS" and "Azure" Identity provider types - see here instead)
First of all, for testing purposes, add the URL "https://test/login/callback" used in this script in your Identity Provider (IdP) allowed redirect URIs. The reason we are doing this is because we want to request the token manually to check the userinfo endpoint content and not have it getting automatically processed by Qlik Sense.
$authorization_endpoint = 'https://dev-4786010.okta.com/oauth2/v1/authorize'
$client_id = '3fgfdd23thuymwsiEANFd7'
$redirect_uri = [System.Web.HTTPUtility]::UrlEncode("https://test/login/callback")
$scope = 'openid%20profile%20email'
$code_challenge="7TsROgPKuP0hHoWWwEGqMsIOgzokT3xAz8kWoo7Ivp8"
#Paste this URL in your browser to get back the authorization code
$authorization_endpoint+'?response_type=code&client_id='+$client_id+'&redirect_uri='+$redirect_uri+'&state=xyzABC123&nonce=3O2bsVV99-kjikCWCxqzxOx007aXbKMUd0YXBwA3sUk&scope='+$scope+'&code_challenge_method=S256&code_challenge='+$code_challenge
https://dev-4786010.okta.com/oauth2/v1/authorize?response_type=code&client_id=3fgfdd23thuymwsiEANFd7&redirect_uri=https%3A%2F%2Ftest%2Flogin%2Fcallback&state=xyzABC123&nonce=3O2bsVV99-
kjikCWCxqzxOx007aXbKMUd0YXBwA3sUk&scope=openid%20profile%20email&code_challenge_method=S256&code_challenge=7TsROgPKuP0hHoWWwEGqMsIOgzokT3xAz8kWoo7Ivp8
$client_id = '3fgfdd23thuymwsiEANFd7'
$redirect_uri = [System.Web.HTTPUtility]::UrlEncode("https://test/login/callback")
$client_secret = '4Z45jlfsjf12l3231ljfsflsjfsdlriueiot3ucxh'
$token_endpoint = 'https://dev-4786010.okta.com/oauth2/v1/token'
$code_verifier="_fqY.Xg5srawq24h9_A57tjY-ycqX0PzzIcM7VcwLZRou_Mvqn-_tCTz4ICWcXoCTO8NXlm3b9RfGOjSZEH68a_gWgaLByddN5y52M06~Z8XlO3XMgOJRWK0DefsxcmC"
#Put your authorization code here
$auth_code = 'mq5iHdLyBSZkpFubWJC2v3hVptrYT2j9VeQ6QpgED_s'
$pair = "$($client_id):$($client_secret)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$hdrs = @{}
$hdrs.Add("Authorization",$basicAuthValue)
$body = 'code='+$auth_code+'&grant_type=authorization_code&redirect_uri='+$redirect_uri+'&code_verifier='+$code_verifier
$response = Invoke-WebRequest -Uri $token_endpoint -Method Post -Body $body -Headers $hdrs -ContentType 'application/x-www-form-urlencoded'
echo $response.Content > C:\temp\okta-accesstoken.txt
#Fill in userinfo endpoint URL here
$userinfo_endpoint = 'https://dev-4786010.okta.com/oauth2/v1/userinfo'
#Fill in your access token here
$accesstoken = "Bearer eyJraWQiOiJoVUIzX1N0WUMtdkh..._oOtPSAHF7qSPITfjd3l9V6JykndcxPlmPg"
$hdrs = @{}
$hdrs.Add("Authorization",$accesstoken)
$response = Invoke-WebRequest -Uri $userinfo_endpoint -Method Get -Headers $hdrs
echo $response.Content