Build a simple C# OAuth client to access Qlik Sense SaaS

1 Introduction

This tutorial shows you how to use the C# OAuth ASP.NET core client with Qlik Sense SaaS.

2 Prerequisites

  1. Create an OAuth client with your callback URL as the redirect URL.
  2. Save client ID and client secret. This is needed for configuration below.

More details are available at

Create an OAuth Client

3 Setup

3.1 Configure C# client

To obtain Qlik Sense SaaS OAuth tokens for ASP.NET core applications, the first step is to set up the OAuth middleware.

  1. Go to the Configure method of your Startup class. To add the authentication services, call the AddAuthentication method.

  2. Next, go to the ConfigureServices method in the Startup class. To enable cookie authentication, call the AddCookie method. To add OAuth 2.0-based authorization, add the AddOAuth method.

  3. Configure the OAuth authentication handler in the AddOAuth method with the following values.

        .AddOAuth("QCS", config =>
            config.AuthorizationEndpoint = Configuration.GetValue<String>("QCS:AuthorizationEndpoint");
            config.TokenEndpoint = Configuration.GetValue<String>("QCS:TokenEndpoint");
            config.ClientId = Configuration.GetValue<String>("QCS:ClientId");
            config.ClientSecret = Configuration.GetValue<String>("QCS:ClientSecret");
            config.CallbackPath = "/oauth/callback";
            config.UsePkce = true;
            config.SaveTokens = true;

3.2 Request an authorization code

Add the [Authorize] annotation to any resource that needs to be protected and requires a Qlik Sense SaaS OAuth token. This forces the client to begin the OAuth code flow by calling the Authorization endpoint that was configured in the Startup class.

public class HomeController : Controller
    private readonly IConfiguration _config;
    private readonly ILogger<HomeController> _logger;
    private readonly IHttpClientFactory _httpClientFactory;

    public HomeController(ILogger<HomeController> logger, IHttpClientFactory httpClientFactory, IConfiguration config)
        _config = config;
        _logger = logger;
        _httpClientFactory = httpClientFactory;

    public async Task<IActionResult> UsersAsync()
        ViewBag.Users = await FetchQCSUsersAsync();
        return View();

3.3 Exchange the code for tokens

After a successful IdP sign-in, code is generated and redirected to the CallbackPath provided in the Startup class. Next, the token endpoint is called by the server along with the Qlik Sense SaaS OAuth client credentials. Once validated, Qlik Sense SaaS returns a new token set.

3.4 Calling Qlik Sense SaaS APIs with token

The obtained token is saved by the server and can be retrieved from HttpContext. This token can used to call Qlik Sense SaaS endpoints.

private async Task<object> FetchQCSUsersAsync()
    var url = _config.GetValue<String>("QCS:UsersEndpoint");
    var token = await HttpContext.GetTokenAsync("access_token");

    var client = _httpClientFactory.CreateClient();

    client.DefaultRequestHeaders.Add("Authorization", $"Bearer {token}");
    var serverResponse = await client.GetAsync(url);
    string jsonString = await serverResponse.Content.ReadAsStringAsync();
    return JObject.Parse(jsonString)["data"];
Was this page helpful?