Markbhai
Creator

Implement JWT Authorization

Hi Guys,

  I am integrating JWT Authentication into my web app. I have successfully obtained a token, and when I attempt to log in using JWT session, I receive a status code of '200'. However, when I try to fetch the CSRF token, it doesn't work and throws a '401 Unauthorized' error. Can anyone clarify this doubt?

  

const configModule = require("../config/config");
const tokenModule = require("../token/token");

async function auth(req, res) {
  const { tenantDomain, qlikWebIntegrationId, appId, currentLoginType, loginTypes } = configModule;
  const config = { tenantDomain, qlikWebIntegrationId, appId, currentLoginType, loginTypes };
  const token = await tokenModule.generate();

  // Step 1: exchange the JWT for a session (this call returns 200).
  const login = await fetch(
    `https://${tenantDomain}/login/jwt-session?qlik-web-integration-id=${qlikWebIntegrationId}`,
    {
      method: "POST",
      credentials: "include",
      mode: "cors",
      headers: {
        "content-type": "application/json",
        Authorization: `Bearer ${token}`,
        "qlik-web-integration-id": qlikWebIntegrationId
      },
      rejectunAuthorized: false // not a fetch() option; has no effect here
    }
  );

  // Step 2: request the CSRF token (this call returns 401 Unauthorized).
  const csrfTokenInfo = await fetch(
    `https://${tenantDomain}/api/v1/csrf-token?qlik-web-integration-id=${qlikWebIntegrationId}`,
    {
      credentials: "include",
      headers: {
        "Qlik-Web-Integration-ID": qlikWebIntegrationId
      }
    }
  );

  return { config, csrfTokenInfo };
}

module.exports = { auth };
2 Replies
pperdigo
Partner - Contributor II

Check if session cookies are set after the login/jwt-session call; maybe you have third-party cookies blocked in your browser.

dcandyalex
Partner - Contributor

Hi  Markbhai 

A 401 error in this case is due to you not being authorised to make that csrf-token fetch request. If you are doing this in the front-end they should be present, but check as @pperdigo suggested. If they are missing, you could set the cookies in the subsequent call and then Qlik will think you're authorised and you should get a 200 or 204.

Hope this helps
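
The cookie hand-off suggested in the replies, as an added example that is not part of the original thread. It assumes the posted module runs under Node.js (it uses `require`/`module.exports`), where `fetch` keeps no cookie jar and `credentials: "include"` therefore sends nothing on the second call. `cookieHeaderFrom`, `loginAndGetCsrf` and the injectable `fetchImpl` parameter are hypothetical names, and reading the token from the `qlik-csrf-token` response header is an assumption.

```javascript
// Added example, not from the thread. Function names are hypothetical.

// Build a Cookie request header from the Set-Cookie headers of a response.
function cookieHeaderFrom(response) {
  if (typeof response.headers.getSetCookie !== "function") {
    // headers.get("set-cookie") merges cookies with ", " and cannot be split safely.
    throw new Error("runtime lacks Headers.getSetCookie()");
  }
  return response.headers
    .getSetCookie()
    .map((c) => c.split(";")[0].trim()) // keep name=value, drop Path/HttpOnly/...
    .filter(Boolean)
    .join("; ");
}

// fetchImpl is injectable so the flow can be exercised without a tenant.
async function loginAndGetCsrf(cfg, token, fetchImpl = fetch) {
  const { tenantDomain, qlikWebIntegrationId } = cfg;
  const query = `qlik-web-integration-id=${encodeURIComponent(qlikWebIntegrationId)}`;
  const base = { "qlik-web-integration-id": qlikWebIntegrationId };

  const login = await fetchImpl(`https://${tenantDomain}/login/jwt-session?${query}`, {
    method: "POST",
    headers: { ...base, Authorization: `Bearer ${token}` },
  });
  if (!login.ok) throw new Error(`jwt-session login failed: ${login.status}`);

  const cookie = cookieHeaderFrom(login);
  if (!cookie) throw new Error("login succeeded but set no session cookie");

  // Replay the session cookies explicitly on the follow-up request.
  const csrf = await fetchImpl(`https://${tenantDomain}/api/v1/csrf-token?${query}`, {
    headers: { ...base, cookie },
  });
  if (!csrf.ok) throw new Error(`csrf-token request failed: ${csrf.status}`);

  // Assumption: the token is returned in the qlik-csrf-token response header.
  return { status: csrf.status, cookie, csrfToken: csrf.headers.get("qlik-csrf-token") };
}
```

The returned `cookie` value is a live session credential: keep it on the server and out of logs and client-side responses.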