Authentication Flows
Learn about the different authentication flows available in the Qlik TypeScript SDK and when to use each one.
Authentication Flow Overview
The Qlik SDK supports multiple authentication flows depending on your environment and use case. Each flow is optimized for specific scenarios and security requirements.
Qlik Cloud Flows
• OAuth 2.0 with Web Integration ID
• Popup-based authentication
• JWT token management
Enterprise Flows
• Windows Authentication
• SAML/OIDC Integration
• Custom Authentication Providers
Qlik Cloud Authentication
OAuth 2.0 Authorization Code Flow
Standard OAuth 2.0 flow for web applications
Flow Steps
1. Client redirects user to Qlik Cloud authorization endpoint
2. User authenticates with Qlik Cloud credentials
3. Qlik Cloud redirects back with authorization code
4. Client exchanges code for access token
typescript
const qlik = new Qlik({
  host: 'your-tenant.us.qlikcloud.com',
  webIntegrationId: 'your-web-integration-id'
});

// Initiate OAuth flow
try {
  await qlik.authenticateToQlik();
  console.log('✅ OAuth authentication successful');

  // Access token is now stored and managed automatically
  const apps = await qlik.getAppList();
} catch (error) {
  console.error('OAuth authentication failed:', error);
}
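The client-side checks behind steps 1, 3 and 4, as an added example that is not SDK code and not from the original page: it builds the authorization request with a random `state` and a PKCE challenge, then refuses any callback that does not match before building the token request. The function names, the `PendingAuth` shape, the endpoint path and the client and redirect values used with it are assumptions; it uses Node's `crypto` module so it runs offline.

```typescript
import { createHash, randomBytes, timingSafeEqual } from 'node:crypto';
// Hypothetical record kept client-side between step 1 and step 3 (not an SDK type).
interface PendingAuth { clientId: string; redirectUri: string; state: string; codeVerifier: string; }

const b64url = (buf: Buffer): string => buf.toString('base64url');
const pkceChallenge = (verifier: string): string =>
  b64url(createHash('sha256').update(verifier).digest());

// Step 1: build the authorization URL with a fresh state and PKCE challenge.
function beginAuth(authorizeEndpoint: string, clientId: string, redirectUri: string) {
  const pending: PendingAuth = {
    clientId, redirectUri,
    state: b64url(randomBytes(16)),
    codeVerifier: b64url(randomBytes(32)), // 43 chars, the RFC 7636 minimum
  };
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri,
    state: pending.state,
    code_challenge: pkceChallenge(pending.codeVerifier), code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), pending };
}

// Steps 3-4: validate the redirect, then build the token request body.
function handleCallback(callbackUrl: string, pending: PendingAuth): URLSearchParams {
  const cb = new URL(callbackUrl);
  const expected = new URL(pending.redirectUri);
  if (cb.origin !== expected.origin || cb.pathname !== expected.pathname) {
    throw new Error('callback does not match the registered redirect URI');
  }
  const got = Buffer.from(cb.searchParams.get('state') ?? '');
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error('state mismatch: response is not for this login attempt');
  }
  const error = cb.searchParams.get('error');
  if (error) throw new Error(`authorization server returned error: ${error}`);
  const code = cb.searchParams.get('code');
  if (!code) throw new Error('callback carries no authorization code');
  return new URLSearchParams({
    grant_type: 'authorization_code', code,
    redirect_uri: pending.redirectUri, client_id: pending.clientId,
    code_verifier: pending.codeVerifier,
  });
}
```

The returned body is what step 4 posts to the token endpoint; the `state` and `codeVerifier` must be discarded after one use.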
Enterprise Authentication
Windows Authentication
Integrated Windows Authentication for domain environments
typescript
// Windows Authentication with Virtual Proxy
const qlik = new Qlik({
  host: 'qlik-server.company.com',
  port: 4848,
  prefix: '/windows-auth',
  secure: true
});

// Authentication is handled by Windows/IIS
// No explicit authentication call needed
try {
  const apps = await qlik.getAppList();
  console.log('✅ Windows authentication successful');
} catch (error) {
  console.error('Windows authentication failed:', error);
}
SAML Authentication
SAML-based single sign-on integration
typescript
// SAML Authentication Configuration
const qlik = new Qlik({
  host: 'qlik-server.company.com',
  port: 4848,
  prefix: '/saml-proxy',
  secure: true,
  // SAML-specific configuration
  identity: 'user@company.com' // Optional: pre-set user identity
});

// Handle SAML authentication flow
async function authenticateWithSAML() {
  try {
    // Check if already authenticated via SAML
    const isAuthenticated = await qlik.isAuthenticated();

    if (!isAuthenticated) {
      // Redirect to SAML IdP will be handled by virtual proxy
      await qlik.authenticateToQlik();
    }

    console.log('✅ SAML authentication successful');
  } catch (error) {
    console.error('SAML authentication failed:', error);
  }
}

await authenticateWithSAML();
Advanced Authentication Patterns
Session Management in Flows
Persistent Sessions
Maintain authentication across page reloads and app restarts
typescript
class PersistentAuthManager {
  private storageKey = 'qlik-auth-token';

  async initializeWithPersistedSession(config: QlikConfig): Promise<Qlik> {
    const qlik = new Qlik(config);

    try {
      // Try to restore previous session
      const savedToken = this.getStoredToken();

      if (savedToken) {
        // Validate stored token
        const isValid = await this.validateToken(qlik, savedToken);

        if (isValid) {
          console.log('✅ Restored session from storage');
          return qlik;
        } else {
          this.clearStoredToken();
        }
      }

      // No valid stored session, authenticate fresh
      await qlik.authenticateToQlik();

      // Store the new token
      const newToken = await qlik.getAccessToken();
      this.storeToken(newToken);

      console.log('✅ New session created and stored');
      return qlik;
    } catch (error) {
      console.error('Session initialization failed:', error);
      this.clearStoredToken();
      throw error;
    }
  }

  private getStoredToken(): string | null {
    try {
      return localStorage.getItem(this.storageKey);
    } catch {
      return null; // localStorage not available
    }
  }

  private storeToken(token: string): void {
    try {
      // Note: localStorage is readable by any script running in this origin,
      // so an XSS flaw in the page exposes the stored token.
      localStorage.setItem(this.storageKey, token);
    } catch {
      // localStorage not available, continue without persistence
    }
  }

  private clearStoredToken(): void {
    try {
      localStorage.removeItem(this.storageKey);
    } catch {
      // localStorage not available
    }
  }

  private async validateToken(qlik: Qlik, token: string): Promise<boolean> {
    try {
      // Set the token and test it
      qlik.setAccessToken(token);
      await qlik.getAppList(); // Simple API call to test token
      return true;
    } catch {
      return false;
    }
  }
}

// Usage
const authManager = new PersistentAuthManager();
const qlik = await authManager.initializeWithPersistedSession({
  host: 'your-tenant.us.qlikcloud.com',
  webIntegrationId: 'your-web-integration-id'
});
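A local freshness check that could run before the network probe in `validateToken`, as an added example that is not SDK code and not from the original page: it reads the `exp` claim of a stored token and purges anything missing, malformed or expired. It assumes the access token is a JWT with a numeric `exp` claim; `storedTokenStatus`, `loadUsableToken` and `TokenStore` are hypothetical names, and `Buffer` is used so it runs under Node.

```typescript
// Hypothetical helpers; not part of the Qlik SDK. Assumes the access token is a
// JWT carrying a numeric `exp` claim (seconds since the epoch).
type TokenStatus = 'missing' | 'malformed' | 'expired' | 'usable';

// Minimal storage interface so sessionStorage, localStorage or a test double fit.
interface TokenStore {
  getItem(key: string): string | null;
  removeItem(key: string): void;
}

// Reads `exp` without verifying the signature: this is a client-side freshness
// pre-check only; the server remains the authority on whether the token is valid.
function storedTokenStatus(token: string | null, nowSec: number, skewSec = 60): TokenStatus {
  if (!token) return 'missing';
  const parts = token.split('.');
  if (parts.length !== 3) return 'malformed';
  try {
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    if (typeof payload.exp !== 'number') return 'malformed';
    // Treat tokens about to expire as expired so a request never races the deadline.
    return payload.exp - skewSec <= nowSec ? 'expired' : 'usable';
  } catch {
    return 'malformed';
  }
}

// Returns the stored token only when usable; anything else is purged so a stale
// credential does not linger in web storage.
function loadUsableToken(store: TokenStore, key: string, nowSec: number): string | null {
  const token = store.getItem(key);
  if (storedTokenStatus(token, nowSec) !== 'usable') {
    store.removeItem(key);
    return null;
  }
  return token;
}

// Constructed sample: unsigned token whose payload is {"exp":2000}.
const sampleToken = ['e30', Buffer.from('{"exp":2000}').toString('base64url'), 'sig'].join('.');
```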
🔐 Authentication Flow Best Practices
• Security First: Always use HTTPS in production environments
• Error Handling: Implement comprehensive error handling for all authentication scenarios
• Token Management: Securely store and manage access tokens
• Session Persistence: Consider user experience with session restoration
• Multi-Environment: Support different authentication methods per environment
• Monitoring: Log authentication events for security and debugging
• Popup Blockers: Provide fallback options when popups are blocked
• Network Issues: Handle offline scenarios and network timeouts gracefully