Login
This API is used to interact with Edge Auth resources in Qlik elastic environments.
Endpoints
Skip to sectionGET | /login |
POST | /login/jwt-session |
Login using interactive identity provider associated with the tenant.
Facts GET /login
Rate limit required | Tier 1 (1000 requests per minute) |
Header Parameters GET /login
Qlik-Web-Integration-ID string | Web Integration ID associated with origin whitelist used to validate returnto value. |
Query Parameters GET /login
returnto string | Relative or full URL to redirect to after successful login. |
Responses GET /login
302 text/html string | Redirect to the identity provider. |
401 application/json | Invalid login. |
GET/login
curl "https://your-tenant.us.qlikcloud.com/login"
Exchanges a token in the form of a user JWT for a session cookie.
The JWT should be securely signed with an algorithm other than HS, and it should contain the following claims:
- iss: identifies the principal that issued the JWT; it must match the issuer in the IDP definition.
- aud: identifies the recipients of the JWT, which in this case is "qlik.api/login/jwt-session".
- sub: identifies the subject of the JWT.
- subType: the type of identifier the sub represents, which in this case is "user".
- name: the name of the user.
- email: the email address of the user.
- email_verified: a claim indicating to Qlik that the JWT source has verified that the email address belongs to the subject.
- jti: JWT ID; it should be unique for each consumed JWT token.
- iat: identifies the time at which the JWT was issued.
- nbf: identifies the starting time on which the JWT is accepted. The current unix time must be passed this value.
- exp: identifies the expiration time after which the JWT is not accepted.
- keyid: identifies the KeyID used to sign the JWT; it must match the KeyID in the IDP definition.
And the time window between exp and nbf should not exceed 1 hour.
Facts POST /login/jwt-session
Rate limit required | Tier 2 (100 requests per minute) |
Responses POST /login/jwt-session
200 application/json object | Successfully exchanged JWT for session. |
401 application/json | Unauthorized. |
POST/login/jwt-session
curl "https://your-tenant.us.qlikcloud.com/login/jwt-session" \
-X POST \
-H "Authorization: Bearer <Signed JWT>"
Response POST /login/jwt-session
{
"undefined": {}
}
Error
objectAn error object.
Properties
code required string | The error code. |
meta object | Non-standard information about the error. |
title required string | The error title. |
detail string | The detailed error message. |
status string | The http status code. |
Errors
objectA representation of the errors encountered from the HTTP request.
Properties
errors | List of errors and their properties. |
v0.879.8