How to allow Jira add-on to create issue on behalf of user

vitaliikobrin
December 13, 2018

I'm trying to implement a Jira add-on with the ability to create issues on behalf of a user.

I've created the add-on and followed all the steps of the User impersonation for Connect apps tutorial.

I've also implemented a webhook to handle the 'installed' callback from the add-on as described here. So, when a user installs the add-on, the webhook will receive the following object:

{
  "key": "com.example.myapp",
  "clientKey": "<client key>",
  "oauthClientId": "<OAuth client ID>",
  "publicKey": "<public key>",
  "sharedSecret": "<shared secret>",
  "serverVersion": "100095",
  "pluginsVersion": "1.250.0",
  "baseUrl": "https://<user's domain>.atlassian.net",
  "productType": "jira",
  "description": "Description",
  "eventType": "installed"
}

After that I generate a JWT as described in the tutorial, signed with the shared secret.

So, my JWT payload includes the following claims:

{
  "iss": "urn:atlassian:connect:clientid:<OAuth client ID>",
  "sub": "urn:atlassian:connect:useraccountid:<client key>",
  "tnt": "https://<user's domain>.atlassian.net",
  "iat": "<created at>",
  "exp": "<created at + 1 minute>"
}

The next step I performed is access token generation using the 'https://auth.atlassian.io/oauth2/token' endpoint and the following parameters:

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=<my JWT>&scope=ACT_AS_USER READ WRITE

Here everything is OK, an access token is generated successfully. But when I try to create an issue using the Authorization: Bearer <access_token> header ('https://<user's domain>.atlassian.net/rest/api/2/issue/'), the server responds with:

{
"error": "Add-on 'com.example.myapp' disallowed to impersonate the user because 'no valid active user exists'"
}

What I've noticed is that the account ID in the installed callback object has the 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' format. But when I open my account in Jira (the account in which the add-on is installed) I see that the account ID in the URL has the 'YYYYYY:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' format. I changed the subject in my JWT payload to make it look like this:

"sub": "urn:atlassian:connect:useraccountid:YYYYYY:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",

and generated a new access token using this JWT. I've used the new access token to create an issue and it was successful; the reporter of the issue is the user who installed my add-on, just like I wished.

The question is: where can I find that YYYYYY part for my add-on? Maybe I missed some little step from the tutorial. Any help will be appreciated. 

Thank you.

1 answer

0 votes
vitaliikobrin
December 13, 2018

One missed detail in my question is the add-on descriptor. So, I used the following one:

{
  "name": "Hello World",
  "description": "Atlassian Connect app",
  "key": "com.example.myapp",
  "baseUrl": "https://url.ngrok.io",
  "vendor": {
    "name": "Example, Inc.",
    "url": "http://example.com"
  },
  "authentication": {
    "type": "jwt"
  },
  "scopes": [
    "act_as_user",
    "read",
    "write"
  ],
  "lifecycle": {
    "installed": "/api/created"
  },
  "apiVersion": 1
}
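
The assertion and token request body described in the question, as an added example that is not part of the original posts and is not Atlassian's code. It assumes HS256 signing with the sharedSecret from the installed callback; the function names and sample values are constructed for illustration, and the account ID is whatever full value the caller supplies.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

def b64url(data: bytes) -> str:
    # JWT uses unpadded URL-safe base64.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_assertion(oauth_client_id, account_id, base_url, shared_secret,
                    now=None, lifetime=60):
    """Build the JWT assertion with the claims listed in the question.
    HS256 is an assumption; the page only says 'signed with the shared secret'."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {
        "iss": f"urn:atlassian:connect:clientid:{oauth_client_id}",
        "sub": f"urn:atlassian:connect:useraccountid:{account_id}",
        "tnt": base_url,
        "iat": now,              # issued-at, numeric seconds
        "exp": now + lifetime,   # one minute later, as in the question
    }
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(shared_secret.encode(), signing_input.encode(),
                   hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def decode_and_verify(token, shared_secret):
    """Recompute the HMAC and return the claims; raise ValueError on mismatch."""
    head, body, sig = token.split(".")  # wrong part count raises ValueError
    expected = hmac.new(shared_secret.encode(), f"{head}.{body}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        raise ValueError("signature mismatch")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def token_request_body(assertion):
    """Form-encoded body for the token endpoint named in the question."""
    return urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": assertion,
        "scope": "ACT_AS_USER READ WRITE",
    })

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    jwt = build_assertion("cid-123", "acct-abc",
                          "https://example.atlassian.net", "s3cret")
    print(decode_and_verify(jwt, "s3cret")["sub"])
    print(token_request_body(jwt))
```

Decoding the assertion locally before posting it makes it easy to see exactly which `sub` value the token endpoint will receive.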
